Free Malware Removal Forum

[catalia]

Additional information: With each application opened I get a message:

"The application or DLL globalroot\systemroot\system32\hjgruiuulwslhn.dll is not a valid Windows image. Please check this against your installation diskette."

Here is the HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:10:11 PM, on 8/11/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe a
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7348 bytes

[MWR 3 day Mod]

Hi,

We are sorry to see your topic is over three days old and no one has yet been able to respond and offer help.

If you still require assistance, please post a link to your topic in our Waiting for help with malware removal? forum, and our staff will make an effort to assist you as promptly as possible. Only post a LINK to this topic, DO NOT post your DDS log!

Please do not reply to this topic.

If you haven't posted within two days in the "Waiting for help with malware removal?" forum, we will assume you have been able to get assistance in other ways and this topic will be closed.

[muppy03]

Hello and welcome to Malware Removal Forums

IMPORTANT

Whatever repairs we make, are for fixing your computer problems only and by no means should be used on another computer.
To make cleaning this machine easier:-

• Continue to respond to this thread until I give you the All Clean!
• Please DO NOT uninstall/install any programs unless asked to. It is more difficult when files/programs appear or disappear from the logs.
• Please do not run any scans other than those requested and do not post any logs/reports unless specifically requested to do so.
• Please follow all instructions in the order posted.
• If you have any questions or do not understand instructions, please ask before continuing.
• Please reply to this thread. Do not start a new topic.

Disable Spybot's TeaTimer. This is a two step process.

Spybot S&D's tea timer normally provides real-time protection from spyware, however it may interfere with what we need to do. We will disable it until the machine is clean when it can be re-enabled.

First step:

• Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
• If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
• If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

• Open Spybot S&D
• Click Mode, choose Advanced Mode
• Go To the bottom of the Vertical Panel on the Left, Click Tools
• then, also in left panel, click Resident shows a red/white shield.
• If your firewall raises a question, say OK
• In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
• OK any prompts.
• Use File, Exit to terminate Spybot
• Reboot your machine for the changes to take effect.

Don't forget to re-enable it, when your computer is clean.

Make an uninstall list using HijackThis
To access the Uninstall Manager you would do the following:

• Start HijackThis
• Click on the Config button
• Click on the Misc Tools button
• Click on the Open Uninstall Manager button.
• Click on the Save list... button and specify where you would like to save this file. When you press Save button a notepad will open with the contents of that file. Save the file to your desktop.

Please post this log on your next reply.

Please download Malwarebytes' Anti-Malware and save to your desktop.

• Double-click mbam-setup.exe and follow the prompts to install the program.
• At the end, be sure a checkmark is placed next to:
  
  Update Malwarebytes' Anti-Malware
  Launch Malwarebytes' Anti-Malware
  
• Then click Finish.
• If an update is found, it will download and install the latest version.
• Once the program has loaded, select Perform Full scan, then click Scan.
• When the scan is complete, click OK, then Show Results to view the results.
• Be sure that everything is checked, and click Remove Selected.
• When completed, a log will open in Notepad. Please copy and paste the log back into your next reply
  
  Note:
• The log can also be found here:
  C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
• Or via the Logs tab when Malwarebytes' Anti-Malware is started.

NEXT If MBAM will not run please rename it as explained below

1. Right click Start - Click Explore
2. Navigate to: c:\program files\malwarebytes' Anti-Malware Right click on mbam.exe - click Rename
3. Type into the name box: muppy.exe


NEXT Download and Run: RSIT

• Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
• Double click on RSIT.exe to run RSIT.
• Click Continue at the disclaimer screen.
• Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)

Please reply with:-

• Uninstall list
• MBAM log
• RSIT logs ( info.txt and log.txt)
  

[catalia]

Thanks for the help so far! The "Bad Image" error messages continue with each application opened.

Uninstall list:

2WIRE Wireless LAN - USB Driver
ABBYY FineReader 5.0 Sprint Plus
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)
Adobe Download Manager
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Reader 8.1.2
Adobe Shockwave Player
Advanced SystemCare 3
Apple Mobile Device Support
Apple Software Update
ArcSoft Software Suite
AusLogics Disk Defrag
AusLogics Registry Cleaner
Bonjour
Broadcom NetXtreme Ethernet Controller
CDDRV_Installer
Critical Update for Windows Media Player 11 (KB959772)
EPSON CardMonitor
EPSON Copy Utility
EPSON Photo Print
EPSON PhotoStarter3.0
EPSON Printer Software
EPSON RX500 Reference Guide
EPSON Scan
EPSON Smart Panel
HijackThis 2.0.2
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB952287)
Intel(R) Extreme Graphics 2 Driver
iTunes
Java(TM) 6 Update 3
KhalInstallWrapper
Logitech SetPoint
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
Microsoft National Language Support Downlevel APIs
Microsoft Office 2000 Professional
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Mozilla Firefox (3.5.2)
Netflix Movie Viewer
QuickTime
RealPlayer
RegScrubXP 3.25
Rhapsody Player Engine
ScanToWeb
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Internet Explorer 7 (KB956390)
Security Update for Windows Internet Explorer 7 (KB958215)
Security Update for Windows Internet Explorer 7 (KB960714)
Security Update for Windows Internet Explorer 7 (KB961260)
Security Update for Windows Internet Explorer 7 (KB963027)
Security Update for Windows Internet Explorer 8 (KB969897)
Security Update for Windows Internet Explorer 8 (KB972260)
Security Update for Windows Media Player (KB952069)
Security Update for Windows Media Player (KB973540)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 11 (KB954154)
Security Update for Windows XP (KB923561)
Security Update for Windows XP (KB938464)
Security Update for Windows XP (KB938464-v2)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952004)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Security Update for Windows XP (KB954211)
Security Update for Windows XP (KB954459)
Security Update for Windows XP (KB954600)
Security Update for Windows XP (KB955069)
Security Update for Windows XP (KB956391)
Security Update for Windows XP (KB956572)
Security Update for Windows XP (KB956744)
Security Update for Windows XP (KB956802)
Security Update for Windows XP (KB956803)
Security Update for Windows XP (KB956841)
Security Update for Windows XP (KB957095)
Security Update for Windows XP (KB957097)
Security Update for Windows XP (KB958644)
Security Update for Windows XP (KB958687)
Security Update for Windows XP (KB958690)
Security Update for Windows XP (KB959426)
Security Update for Windows XP (KB960225)
Security Update for Windows XP (KB960715)
Security Update for Windows XP (KB960803)
Security Update for Windows XP (KB960859)
Security Update for Windows XP (KB961371)
Security Update for Windows XP (KB961373)
Security Update for Windows XP (KB961501)
Security Update for Windows XP (KB968537)
Security Update for Windows XP (KB969898)
Security Update for Windows XP (KB970238)
Security Update for Windows XP (KB971557)
Security Update for Windows XP (KB971633)
Security Update for Windows XP (KB971657)
Security Update for Windows XP (KB973346)
Security Update for Windows XP (KB973354)
Security Update for Windows XP (KB973507)
Security Update for Windows XP (KB973869)
SoundMAX
Spybot - Search & Destroy
Trend Micro Internet Security
Trend Micro Internet Security
Update for Windows Internet Explorer 8 (KB971180)
Update for Windows XP (KB951072-v2)
Update for Windows XP (KB951978)
Update for Windows XP (KB955839)
Update for Windows XP (KB967715)
Update for Windows XP (KB968389)
Update for Windows XP (KB973815)
Windows Internet Explorer 8
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Player 11
Windows Media Player 11
Windows XP Service Pack 3
WinRAR archiver


MBAM Log:

Malwarebytes' Anti-Malware 1.40
Database version: 2633
Windows 5.1.2600 Service Pack 3

8/16/2009 12:07:16 AM
mbam-log-2009-08-16 (00-07-16).txt

Scan type: Full Scan (C:\|)
Objects scanned: 129466
Time elapsed: 18 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{0ed403e8-470a-4a8a-85a4-d7688cfe39a3} (Adware.Gamevance) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\toprates.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\gamevancelib32.dll (Adware.Gamevance) -> Quarantined and deleted successfully.


log.txt file:

Logfile of random's system information tool 1.06 (written by random/random)
Run by Administrator at 2009-08-16 13:57:17
Microsoft Windows XP Professional Service Pack 3
System drive C: has 30 GB (78%) free of 38 GB
Total RAM: 503 MB (23% free)

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:57:31 PM, on 8/16/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre1.6.0_03\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Documents and Settings\Administrator\Desktop\RSIT.exe
C:\Program Files\Trend Micro\HijackThis\Administrator.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7232 bytes

======Registry dump======

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}]
Adobe PDF Reader Link Helper - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll [2006-10-23 62080]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{53707962-6F74-2D53-2644-206D7942484F}]
Spybot-S&D IE Protection - C:\PROGRA~1\SPYBOT~1\SDHelper.dll [2008-01-28 1554256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}]
SSVHelper Class - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll [2007-09-25 501136]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"=C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE [2004-08-04 208952]
"PHIME2002ASync"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"PHIME2002A"=C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE [2004-08-04 455168]
"Smapp"=C:\Program Files\Analog Devices\SoundMAX\SMTray.exe [2003-05-05 143360]
"DrvLsnr"=C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe [2003-05-08 69632]
"EPSON Stylus Photo RX500"=C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE [2003-06-01 99840]
"SunJavaUpdateSched"=C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe [2007-09-25 132496]
"Adobe Reader Speed Launcher"=C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe [2008-01-11 39792]
"TkBellExe"=C:\Program Files\Common Files\Real\Update_OB\realsched.exe [2008-02-18 185896]
"QuickTime Task"=C:\Program Files\QuickTime\qttask.exe [2008-01-31 385024]
"iTunesHelper"=C:\Program Files\iTunes\iTunesHelper.exe [2008-02-19 267048]
"UfSeAgnt.exe"=C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe [2009-03-31 995528]
"Kernel and Hardware Abstraction Layer"=C:\WINDOWS\KHALMNPR.EXE [2008-12-18 76304]
"igfxtray"=C:\WINDOWS\system32\igfxtray.exe [2005-09-20 94208]
"igfxhkcmd"=C:\WINDOWS\system32\hkcmd.exe [2005-09-20 77824]
"igfxpers"=C:\WINDOWS\system32\igfxpers.exe [2005-09-20 114688]
"KernelFaultCheck"=C:\WINDOWS\system32\dumprep 0 -k []

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"=C:\WINDOWS\system32\ctfmon.exe [2008-04-13 15360]
"OE"=C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe [2008-10-18 497008]
"Advanced SystemCare 3"=C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe [2009-06-30 2329224]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\igfxcui]
C:\WINDOWS\system32\igfxdev.dll [2005-09-20 135168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\LBTWlgn]
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [2009-02-19 72208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon]
C:\WINDOWS\system32\WgaLogon.dll [2009-03-10 239496]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll [2006-10-18 133632]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\network\WdfLoadGroup]

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System]
"dontdisplaylastusername"=0
"legalnoticecaption"=
"legalnoticetext"=
"shutdownwithoutlogon"=1
"undockwithoutlogon"=1

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"NoDriveTypeAutoRun"=323
"NoDriveAutoRun"=67108863

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\explorer]
"HonorAutoRunSetting"=
"NoDriveAutoRun"=
"NoDriveTypeAutoRun"=
"NoDrives"=
"NoResolveSearch"=

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\standardprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"
"C:\Program Files\Bonjour\mDNSResponder.exe"="C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour"
"C:\Program Files\iTunes\iTunes.exe"="C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes"
"C:\Program Files\Real\RealPlayer\realplay.exe"="C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer"

[HKEY_LOCAL_MACHINE\system\currentcontrolset\services\sharedaccess\parameters\firewallpolicy\domainprofile\authorizedapplications\list]
"%windir%\system32\sessmgr.exe"="%windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019"
"%windir%\Network Diagnostic\xpnetdiag.exe"="%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000"

======List of files/folders created in the last 1 months======

2009-08-16 13:57:16 ----D---- C:\rsit
2009-08-15 22:27:50 ----D---- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2009-08-15 22:27:27 ----D---- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2009-08-15 22:27:26 ----D---- C:\Program Files\Malwarebytes' Anti-Malware
2009-08-15 03:00:20 ----HDC---- C:\WINDOWS\$NtUninstallKB968389$
2009-08-12 03:02:40 ----HDC---- C:\WINDOWS\$NtUninstallKB960859$
2009-08-12 03:02:35 ----HDC---- C:\WINDOWS\$NtUninstallKB971657$
2009-08-12 03:02:29 ----HDC---- C:\WINDOWS\$NtUninstallKB971557$
2009-08-12 03:02:23 ----HDC---- C:\WINDOWS\$NtUninstallKB956744$
2009-08-12 03:02:17 ----HDC---- C:\WINDOWS\$NtUninstallKB973869$
2009-08-12 03:02:11 ----HDC---- C:\WINDOWS\$NtUninstallKB973507$
2009-08-12 03:02:05 ----HDC---- C:\WINDOWS\$NtUninstallKB973354$
2009-08-12 03:01:54 ----HDC---- C:\WINDOWS\$NtUninstallKB973540_WM9$
2009-08-12 03:00:24 ----HDC---- C:\WINDOWS\$NtUninstallKB973815$
2009-08-08 08:27:56 ----A---- C:\WINDOWS\wininit.ini
2009-07-30 08:16:40 ----D---- C:\Program Files\NOS
2009-07-30 08:16:40 ----D---- C:\Documents and Settings\All Users\Application Data\NOS

======List of files/folders modified in the last 1 months======

2009-08-16 13:55:20 ----D---- C:\Program Files\Mozilla Firefox
2009-08-16 00:26:33 ----D---- C:\WINDOWS\system32\CatRoot2
2009-08-16 00:25:52 ----D---- C:\WINDOWS\Prefetch
2009-08-16 00:25:51 ----D---- C:\WINDOWS\temp
2009-08-16 00:22:56 ----A---- C:\WINDOWS\SchedLgU.Txt
2009-08-16 00:08:51 ----D---- C:\WINDOWS\system32\drivers
2009-08-16 00:07:16 ----RD---- C:\Program Files
2009-08-15 23:02:51 ----HD---- C:\WINDOWS\inf
2009-08-15 22:05:17 ----D---- C:\WINDOWS
2009-08-15 03:01:18 ----D---- C:\WINDOWS\system32
2009-08-15 03:00:23 ----RSHDC---- C:\WINDOWS\system32\dllcache
2009-08-14 14:38:59 ----HD---- C:\WINDOWS\$hf_mig$
2009-08-12 03:02:43 ----A---- C:\WINDOWS\imsins.BAK
2009-08-12 03:02:07 ----D---- C:\Program Files\Outlook Express
2009-08-11 21:09:31 ----D---- C:\Program Files\Trend Micro
2009-08-11 19:36:19 ----D---- C:\WINDOWS\network diagnostic
2009-08-08 07:23:03 ----D---- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 07:18:30 ----D---- C:\Program Files\Spybot - Search & Destroy
2009-08-05 04:01:48 ----A---- C:\WINDOWS\system32\mswebdvd.dll
2009-08-01 15:01:00 ----D---- C:\Program Files\RegScrubXP
2009-08-01 12:25:25 ----A---- C:\WINDOWS\DCEBoot.exe
2009-07-30 08:16:43 ----SD---- C:\WINDOWS\Downloaded Program Files
2009-07-29 19:49:14 ----A---- C:\WINDOWS\system32\MRT.exe
2009-07-29 03:00:38 ----D---- C:\Program Files\Internet Explorer
2009-07-21 06:20:18 ----D---- C:\WINDOWS\Minidump
2009-07-19 18:48:58 ----A---- C:\WINDOWS\system32\ieframe.dll
2009-07-19 08:18:59 ----A---- C:\WINDOWS\system32\mshtml.dll
2009-07-17 14:01:06 ----A---- C:\WINDOWS\system32\atl.dll

======List of drivers (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R1 intelppm;Intel Processor Driver; C:\WINDOWS\system32\DRIVERS\intelppm.sys [2008-04-13 36352]
R1 tmtdi;Trend Micro TDI Driver; C:\WINDOWS\system32\DRIVERS\tmtdi.sys [2009-03-03 80400]
R2 LBeepKE;LBeepKE; C:\WINDOWS\System32\Drivers\LBeepKE.sys [2008-12-18 10384]
R2 tmactmon;tmactmon; \??\C:\WINDOWS\system32\drivers\tmactmon.sys []
R2 tmcomm;tmcomm; \??\C:\WINDOWS\system32\drivers\tmcomm.sys []
R2 tmevtmgr;tmevtmgr; \??\C:\WINDOWS\system32\drivers\tmevtmgr.sys []
R2 tmpreflt;tmpreflt; C:\WINDOWS\system32\DRIVERS\tmpreflt.sys [2009-05-22 36368]
R2 tmxpflt;tmxpflt; C:\WINDOWS\system32\DRIVERS\tmxpflt.sys [2009-05-22 225296]
R2 vsapint;vsapint; C:\WINDOWS\system32\DRIVERS\vsapint.sys [2009-05-22 1220120]
R3 aeaudio;aeaudio; C:\WINDOWS\system32\drivers\aeaudio.sys [2003-03-13 100224]
R3 b57w2k;Broadcom NetXtreme Gigabit Ethernet; C:\WINDOWS\system32\DRIVERS\b57xp32.sys [2006-05-10 156160]
R3 GEARAspiWDM;GEARAspiWDM; C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys [2006-09-19 15664]
R3 HidUsb;Microsoft HID Class Driver; C:\WINDOWS\system32\DRIVERS\hidusb.sys [2008-04-13 10368]
R3 ialm;ialm; C:\WINDOWS\system32\DRIVERS\ialmnt5.sys [2005-09-20 1302332]
R3 L8042Kbd;Logitech SetPoint Keyboard Driver; C:\WINDOWS\system32\DRIVERS\L8042Kbd.sys [2008-12-18 20240]
R3 L8042mou;SetPoint PS/2 Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\L8042mou.Sys [2008-12-18 63248]
R3 LHidFilt;Logitech SetPoint KMDF HID Filter Driver; C:\WINDOWS\system32\DRIVERS\LHidFilt.Sys [2008-12-18 35472]
R3 LMouFilt;Logitech SetPoint KMDF Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouFilt.Sys [2008-12-18 37392]
R3 LMouKE;SetPoint Mouse Filter Driver; C:\WINDOWS\system32\DRIVERS\LMouKE.Sys [2008-12-18 79248]
R3 LUsbFilt;Logitech SetPoint KMDF USB Filter; C:\WINDOWS\System32\Drivers\LUsbFilt.Sys [2008-12-18 28816]
R3 mouhid;Mouse HID Driver; C:\WINDOWS\system32\DRIVERS\mouhid.sys [2001-08-17 12160]
R3 smwdm;smwdm; C:\WINDOWS\system32\drivers\smwdm.sys [2003-05-27 578304]
R3 tmcfw;Trend Micro Common Firewall Service; C:\WINDOWS\system32\DRIVERS\TM_CFW.sys [2009-03-03 335376]
R3 usbehci;Microsoft USB 2.0 Enhanced Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbehci.sys [2008-04-13 30208]
R3 usbhub;USB2 Enabled Hub; C:\WINDOWS\system32\DRIVERS\usbhub.sys [2008-04-13 59520]
R3 usbuhci;Microsoft USB Universal Host Controller Miniport Driver; C:\WINDOWS\system32\DRIVERS\usbuhci.sys [2008-04-13 20608]
R3 Wdf01000;Wdf01000; C:\WINDOWS\system32\DRIVERS\Wdf01000.sys [2006-11-02 492000]
R3 ZD1211BU(ZyDAS);ZyDAS ZD1211B IEEE 802.11 b+g Wireless LAN Driver (USB)(ZyDAS); C:\WINDOWS\system32\DRIVERS\zd1211Bu.sys [2006-08-24 477696]
S3 catchme;catchme; \??\C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys []
S3 SymIM;Symantec Network Security Intermediate Filter Service; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 SymIMMP;SymIMMP; C:\WINDOWS\system32\DRIVERS\SymIM.sys []
S3 usbccgp;Microsoft USB Generic Parent Driver; C:\WINDOWS\system32\DRIVERS\usbccgp.sys [2008-04-13 32128]
S3 usbprint;Microsoft USB PRINTER Class; C:\WINDOWS\system32\DRIVERS\usbprint.sys [2008-04-13 25856]
S3 usbscan;USB Scanner Driver; C:\WINDOWS\system32\DRIVERS\usbscan.sys [2008-04-13 15104]
S3 USBSTOR;USB Mass Storage Driver; C:\WINDOWS\system32\DRIVERS\USBSTOR.SYS [2008-04-13 26368]
S3 WudfPf;Windows Driver Foundation - User-mode Driver Framework Platform Driver; C:\WINDOWS\system32\DRIVERS\WudfPf.sys [2006-09-28 77568]
S3 WudfRd;Windows Driver Foundation - User-mode Driver Framework Reflector; C:\WINDOWS\system32\DRIVERS\wudfrd.sys [2006-09-28 82944]

======List of services (R=Running, S=Stopped, 0=Boot, 1=System, 2=Auto, 3=Demand, 4=Disabled)======

R2 Apple Mobile Device;Apple Mobile Device; C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe [2008-02-18 110592]
R2 Bonjour Service;Bonjour Service; C:\Program Files\Bonjour\mDNSResponder.exe [2007-07-24 229376]
R2 SfCtlCom;Trend Micro Central Control Component; C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe [2009-03-31 711248]
R2 SoundMAX Agent Service (default);SoundMAX Agent Service; C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe [2002-09-20 45056]
R2 TMBMServer;Trend Micro Unauthorized Change Prevention Service; C:\Program Files\Trend Micro\BM\TMBMSRV.exe [2009-03-03 341256]
R2 TmPfw;Trend Micro Personal Firewall; C:\Program Files\Trend Micro\Internet Security\TmPfw.exe [2009-03-31 497008]
R2 TmProxy;Trend Micro Proxy Service; C:\Program Files\Trend Micro\Internet Security\TmProxy.exe [2009-03-31 677128]
R3 iPod Service;iPod Service; C:\Program Files\iPod\bin\iPodService.exe [2008-02-19 504104]
S3 aspnet_state;ASP.NET State Service; C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe [2004-07-15 32768]
S3 getPlus(R) Helper;getPlus(R) Helper; C:\Program Files\NOS\bin\getPlus_HelperSvc.exe [2009-07-14 66056]
S3 LBTServ;Logitech Bluetooth Service; C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe [2009-02-19 121360]
S3 WMPNetworkSvc;Windows Media Player Network Sharing Service; C:\Program Files\Windows Media Player\WMPNetwk.exe [2006-10-18 913408]
S3 WudfSvc;Windows Driver Foundation - User-mode Driver Framework; C:\WINDOWS\system32\svchost.exe [2008-04-13 14336]

-----------------EOF-----------------


info.txt file:

info.txt logfile of random's system information tool 1.06 2009-08-16 13:57:35

======Uninstall list======

-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{11E83B33-972B-4512-A447-FF0FD0246EE9}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{23EFDB58-0874-4883-9810-EDA510B19FAE}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BB79C8D-9DCC-4861-8A23-AE1B0B45E2B6}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{2BFBC62A-3353-443D-93BE-7AC641D9F342}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{3C1B8CBC-9118-11D7-86D3-00055DF3561E}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{775FFF70-4A8C-4500-908D-3C34DBEB11D5}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B100B05B-E290-41EF-9366-8BC4C76D7769}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B14F9B26-D695-4C4A-8B11-0FE6CDCC797B}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{E213C271-AEFA-481D-A9B4-914D88925B8D}\setup.exe" -l0x9
-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{FAD9402A-1A9B-4ABE-A410-393A3622FA5A}\setup.exe" -l0x9
-->rundll32.exe setupapi.dll,InstallHinfSection DefaultUninstall 132 C:\WINDOWS\INF\PCHealth.inf
2WIRE Wireless LAN - USB Driver-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{581CE7EA-A30D-0000-1211-088635773309}\Setup.exe" -l0x9
ABBYY FineReader 5.0 Sprint Plus-->MsiExec.exe /X{D1696920-9794-4BBC-8A30-7A88763DE5A2}
Adobe Acrobat and Reader 8.1.2 Security Update 1 (KB403742)-->MsiExec.exe /X{6846389C-BAC0-4374-808E-B120F86AF5D7}
Adobe Download Manager-->"C:\Program Files\NOS\bin\getPlus_HelperSvc.exe" /UninstallGet1
Adobe Flash Player 10 ActiveX-->C:\WINDOWS\system32\Macromed\Flash\uninstall_activeX.exe
Adobe Flash Player 10 Plugin-->C:\WINDOWS\system32\Macromed\Flash\uninstall_plugin.exe
Adobe Reader 8.1.2-->MsiExec.exe /I{AC76BA86-7AD7-1033-7B44-A81200000003}
Adobe Shockwave Player-->C:\WINDOWS\system32\Adobe\SHOCKW~1\UNWISE.EXE C:\WINDOWS\system32\Adobe\SHOCKW~1\Install.log
Advanced SystemCare 3-->"C:\Program Files\IObit\Advanced SystemCare 3\unins000.exe"
Apple Mobile Device Support-->MsiExec.exe /I{44734179-8A79-4DEE-BB08-73037F065543}
Apple Software Update-->MsiExec.exe /I{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}
ArcSoft Software Suite-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{66C8BE35-8BBB-472B-96C7-C7C9A499F988}\Setup.exe" -l0x9
AusLogics Disk Defrag-->"C:\Program Files\Auslogics\AusLogics Disk Defrag\unins000.exe"
AusLogics Registry Cleaner-->"C:\Program Files\Auslogics\AusLogics Registry Cleaner\unins000.exe"
Bonjour-->MsiExec.exe /I{47BF1BD6-DCAC-468F-A0AD-E5DECC2211C3}
Broadcom NetXtreme Ethernet Controller-->MsiExec.exe /X{7E369B27-13E2-41A5-9879-358EE1C8B5AD}
CDDRV_Installer-->MsiExec.exe /I{0C826C5B-B131-423A-A229-C71B3CACCD6A}
Critical Update for Windows Media Player 11 (KB959772)-->"C:\WINDOWS\$NtUninstallKB959772_WM11$\spuninst\spuninst.exe"
EPSON CardMonitor-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{109D28C7-FB38-483A-9C91-001CB59E2699}\Setup.exe" -l0x9 uninst
EPSON Copy Utility-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{B69CC1A5-0404-11D6-ABCB-005004C21D30}\setup.exe" -l0x9 ADDREMOVEDLG
EPSON Photo Print-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0B53B71D-9E2F-42B8-9123-96354872D166}\setup.exe" -l0x9 MyUninstall
EPSON PhotoStarter3.0-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{5983C895-DDA4-45D9-A8D1-877D5DE7693E}\Setup.exe" -l0x9 uninst
EPSON Printer Software-->C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\EPUPDATE.EXE /R
EPSON RX500 Reference Guide-->C:\Program Files\epson\guide\rx500_e\uninstall.exe
EPSON Scan-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{0E0131B2-CF18-40D9-A331-60A3746C1204}\Setup.exe" -l0x9 UNINSTALL
EPSON Smart Panel-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{6C11D561-620B-47DA-A693-4C597F3CDF40}\Setup.exe" -l0x9 Uninstall
HijackThis 2.0.2-->"C:\Program Files\Trend Micro\HijackThis\HijackThis.exe" /uninstall
Hotfix for Windows Internet Explorer 7 (KB947864)-->"C:\WINDOWS\ie7updates\KB947864-IE7\spuninst\spuninst.exe"
Hotfix for Windows Media Format 11 SDK (KB929399)-->"C:\WINDOWS\$NtUninstallKB929399$\spuninst\spuninst.exe"
Hotfix for Windows Media Player 11 (KB939683)-->"C:\WINDOWS\$NtUninstallKB939683$\spuninst\spuninst.exe"
Hotfix for Windows XP (KB952287)-->"C:\WINDOWS\$NtUninstallKB952287$\spuninst\spuninst.exe"
Intel(R) Extreme Graphics 2 Driver-->RUNDLL32.EXE C:\WINDOWS\system32\ialmrem.dll,UninstallW2KIGfx PCI\VEN_8086&DEV_2572
iTunes-->MsiExec.exe /I{80FD852F-5AAC-4129-B931-06AAFFA43138}
Java(TM) 6 Update 3-->MsiExec.exe /I{3248F0A8-6813-11D6-A77B-00B0D0160030}
KhalInstallWrapper-->MsiExec.exe /I{3101CB58-3482-4D21-AF1A-7057FC935355}
Logitech SetPoint-->"C:\Program Files\InstallShield Installation Information\{F29B21BD-CAA6-445F-8EF7-A7E2B9D8B14E}\setup.exe" -runfromtemp -l0x0009 -removeonly
Malwarebytes' Anti-Malware-->"C:\Program Files\Malwarebytes' Anti-Malware\unins000.exe"
Microsoft .NET Framework 1.1 Hotfix (KB928366)-->"C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe" "C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp"
Microsoft .NET Framework 1.1-->msiexec.exe /X {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft .NET Framework 1.1-->MsiExec.exe /X{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}
Microsoft Compression Client Pack 1.0 for Windows XP-->"C:\WINDOWS\$NtUninstallMSCompPackV1$\spuninst\spuninst.exe"
Microsoft Internationalized Domain Names Mitigation APIs-->"C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$\spuninst\spuninst.exe"
Microsoft Kernel-Mode Driver Framework Feature Pack 1.5-->"C:\WINDOWS\$NtUninstallWdf01005$\spuninst\spuninst.exe"
Microsoft National Language Support Downlevel APIs-->"C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$\spuninst\spuninst.exe"
Microsoft Office 2000 Professional-->MsiExec.exe /I{00010409-78E1-11D2-B60F-006097C998E7}
Microsoft User-Mode Driver Framework Feature Pack 1.0-->"C:\WINDOWS\$NtUninstallWudf01000$\spuninst\spuninst.exe"
Microsoft Visual C++ 2005 Redistributable-->MsiExec.exe /X{7299052b-02a4-4627-81f2-1818da5d550d}
Mozilla Firefox (3.5.2)-->C:\Program Files\Mozilla Firefox\uninstall\helper.exe
Netflix Movie Viewer-->MsiExec.exe /X{BCE72AED-3332-4863-9567-C5DCB9052CA2}
QuickTime-->MsiExec.exe /I{BFD96B89-B769-4CD6-B11E-E79FFD46F067}
RealPlayer-->C:\Program Files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
RegScrubXP 3.25-->"C:\Program Files\RegScrubXP\unins000.exe"
Rhapsody Player Engine-->MsiExec.exe /I{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}
ScanToWeb-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}\setup.exe" ADDREMOVEDLG
Security Update for Windows Internet Explorer 7 (KB938127)-->"C:\WINDOWS\ie7updates\KB938127-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB942615)-->"C:\WINDOWS\ie7updates\KB942615-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB944533)-->"C:\WINDOWS\ie7updates\KB944533-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB950759)-->"C:\WINDOWS\ie7updates\KB950759-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB953838)-->"C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB956390)-->"C:\WINDOWS\ie7updates\KB956390-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB958215)-->"C:\WINDOWS\ie7updates\KB958215-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB960714)-->"C:\WINDOWS\ie7updates\KB960714-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB961260)-->"C:\WINDOWS\ie7updates\KB961260-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 7 (KB963027)-->"C:\WINDOWS\ie7updates\KB963027-IE7\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB969897)-->"C:\WINDOWS\ie8updates\KB969897-IE8\spuninst\spuninst.exe"
Security Update for Windows Internet Explorer 8 (KB972260)-->"C:\WINDOWS\ie8updates\KB972260-IE8\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB952069)-->"C:\WINDOWS\$NtUninstallKB952069_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player (KB973540)-->"C:\WINDOWS\$NtUninstallKB973540_WM9$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB936782)-->"C:\WINDOWS\$NtUninstallKB936782_WMP11$\spuninst\spuninst.exe"
Security Update for Windows Media Player 11 (KB954154)-->"C:\WINDOWS\$NtUninstallKB954154_WM11$\spuninst\spuninst.exe"
Security Update for Windows XP (KB923561)-->"C:\WINDOWS\$NtUninstallKB923561$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464)-->"C:\WINDOWS\$NtUninstallKB938464$\spuninst\spuninst.exe"
Security Update for Windows XP (KB938464-v2)-->"C:\WINDOWS\$NtUninstallKB938464-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB941569)-->"C:\WINDOWS\$NtUninstallKB941569$\spuninst\spuninst.exe"
Security Update for Windows XP (KB946648)-->"C:\WINDOWS\$NtUninstallKB946648$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950760)-->"C:\WINDOWS\$NtUninstallKB950760$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950762)-->"C:\WINDOWS\$NtUninstallKB950762$\spuninst\spuninst.exe"
Security Update for Windows XP (KB950974)-->"C:\WINDOWS\$NtUninstallKB950974$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951066)-->"C:\WINDOWS\$NtUninstallKB951066$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376)-->"C:\WINDOWS\$NtUninstallKB951376$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951376-v2)-->"C:\WINDOWS\$NtUninstallKB951376-v2$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951698)-->"C:\WINDOWS\$NtUninstallKB951698$\spuninst\spuninst.exe"
Security Update for Windows XP (KB951748)-->"C:\WINDOWS\$NtUninstallKB951748$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952004)-->"C:\WINDOWS\$NtUninstallKB952004$\spuninst\spuninst.exe"
Security Update for Windows XP (KB952954)-->"C:\WINDOWS\$NtUninstallKB952954$\spuninst\spuninst.exe"
Security Update for Windows XP (KB953839)-->"C:\WINDOWS\$NtUninstallKB953839$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954211)-->"C:\WINDOWS\$NtUninstallKB954211$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954459)-->"C:\WINDOWS\$NtUninstallKB954459$\spuninst\spuninst.exe"
Security Update for Windows XP (KB954600)-->"C:\WINDOWS\$NtUninstallKB954600$\spuninst\spuninst.exe"
Security Update for Windows XP (KB955069)-->"C:\WINDOWS\$NtUninstallKB955069$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956391)-->"C:\WINDOWS\$NtUninstallKB956391$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956572)-->"C:\WINDOWS\$NtUninstallKB956572$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956744)-->"C:\WINDOWS\$NtUninstallKB956744$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956802)-->"C:\WINDOWS\$NtUninstallKB956802$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956803)-->"C:\WINDOWS\$NtUninstallKB956803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB956841)-->"C:\WINDOWS\$NtUninstallKB956841$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957095)-->"C:\WINDOWS\$NtUninstallKB957095$\spuninst\spuninst.exe"
Security Update for Windows XP (KB957097)-->"C:\WINDOWS\$NtUninstallKB957097$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958644)-->"C:\WINDOWS\$NtUninstallKB958644$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958687)-->"C:\WINDOWS\$NtUninstallKB958687$\spuninst\spuninst.exe"
Security Update for Windows XP (KB958690)-->"C:\WINDOWS\$NtUninstallKB958690$\spuninst\spuninst.exe"
Security Update for Windows XP (KB959426)-->"C:\WINDOWS\$NtUninstallKB959426$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960225)-->"C:\WINDOWS\$NtUninstallKB960225$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960715)-->"C:\WINDOWS\$NtUninstallKB960715$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960803)-->"C:\WINDOWS\$NtUninstallKB960803$\spuninst\spuninst.exe"
Security Update for Windows XP (KB960859)-->"C:\WINDOWS\$NtUninstallKB960859$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961371)-->"C:\WINDOWS\$NtUninstallKB961371$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961373)-->"C:\WINDOWS\$NtUninstallKB961373$\spuninst\spuninst.exe"
Security Update for Windows XP (KB961501)-->"C:\WINDOWS\$NtUninstallKB961501$\spuninst\spuninst.exe"
Security Update for Windows XP (KB968537)-->"C:\WINDOWS\$NtUninstallKB968537$\spuninst\spuninst.exe"
Security Update for Windows XP (KB969898)-->"C:\WINDOWS\$NtUninstallKB969898$\spuninst\spuninst.exe"
Security Update for Windows XP (KB970238)-->"C:\WINDOWS\$NtUninstallKB970238$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971557)-->"C:\WINDOWS\$NtUninstallKB971557$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971633)-->"C:\WINDOWS\$NtUninstallKB971633$\spuninst\spuninst.exe"
Security Update for Windows XP (KB971657)-->"C:\WINDOWS\$NtUninstallKB971657$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973346)-->"C:\WINDOWS\$NtUninstallKB973346$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973354)-->"C:\WINDOWS\$NtUninstallKB973354$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973507)-->"C:\WINDOWS\$NtUninstallKB973507$\spuninst\spuninst.exe"
Security Update for Windows XP (KB973869)-->"C:\WINDOWS\$NtUninstallKB973869$\spuninst\spuninst.exe"
SoundMAX-->RunDll32 C:\PROGRA~1\COMMON~1\INSTAL~1\engine\6\INTEL3~1\Ctor.dll,LaunchSetup "C:\Program Files\InstallShield Installation Information\{F0A37341-D692-11D4-A984-009027EC0A9C}\Setup.exe"
Spybot - Search & Destroy-->"C:\Program Files\Spybot - Search & Destroy\unins000.exe"
Trend Micro Internet Security-->C:\Program Files\Trend Micro\Internet Security\remove.exe
Trend Micro Internet Security-->MsiExec.exe /X{40E12A55-C504-4223-AFAC-7672DBF1ACDE}
Update for Windows Internet Explorer 8 (KB971180)-->"C:\WINDOWS\ie8updates\KB971180-IE8\spuninst\spuninst.exe"
Update for Windows XP (KB951072-v2)-->"C:\WINDOWS\$NtUninstallKB951072-v2$\spuninst\spuninst.exe"
Update for Windows XP (KB951978)-->"C:\WINDOWS\$NtUninstallKB951978$\spuninst\spuninst.exe"
Update for Windows XP (KB955839)-->"C:\WINDOWS\$NtUninstallKB955839$\spuninst\spuninst.exe"
Update for Windows XP (KB967715)-->"C:\WINDOWS\$NtUninstallKB967715$\spuninst\spuninst.exe"
Update for Windows XP (KB968389)-->"C:\WINDOWS\$NtUninstallKB968389$\spuninst\spuninst.exe"
Update for Windows XP (KB973815)-->"C:\WINDOWS\$NtUninstallKB973815$\spuninst\spuninst.exe"
Windows Internet Explorer 8-->"C:\WINDOWS\ie8\spuninst\spuninst.exe"
Windows Media Format 11 runtime-->"C:\Program Files\Windows Media Player\wmsetsdk.exe" /UninstallAll
Windows Media Format 11 runtime-->"C:\WINDOWS\$NtUninstallWMFDist11$\spuninst\spuninst.exe"
Windows Media Player 11-->"C:\Program Files\Windows Media Player\Setup_wm.exe" /Uninstall
Windows Media Player 11-->"C:\WINDOWS\$NtUninstallwmp11$\spuninst\spuninst.exe"
Windows XP Service Pack 3-->"C:\WINDOWS\$NtServicePackUninstall$\spuninst\spuninst.exe"
WinRAR archiver-->C:\Program Files\WinRAR\uninstall.exe

======Hosts File======

127.0.0.1 http://www.007guard.com
127.0.0.1 007guard.com
127.0.0.1 008i.com
127.0.0.1 http://www.008k.com
127.0.0.1 008k.com
127.0.0.1 http://www.00hq.com
127.0.0.1 00hq.com
127.0.0.1 010402.com
127.0.0.1 http://www.032439.com
127.0.0.1 032439.com

======Security center information======

AV: Trend Micro Internet Security
FW: Trend Micro Personal Firewall

======System event log======

Computer Name: CUSTOMER
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet for hp: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 28780
Source Name: b57w2k
Time Written: 20090801145517.000000-300
Event Type: warning
User:

Computer Name: CUSTOMER
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_cd-rw_gce-8483b________________1.05____#5&1e49b59c&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.

Record Number: 28778
Source Name: LDMS
Time Written: 20090801145512.000000-300
Event Type: error
User:

Computer Name: CUSTOMER
Event Code: 36
Message: The time service has not been able to synchronize the system time
for 49152 seconds because none of the time providers has been able to
provide a usable time stamp. The system clock is unsynchronized.

Record Number: 28770
Source Name: W32Time
Time Written: 20090801113350.000000-300
Event Type: warning
User:

Computer Name: CUSTOMER
Event Code: 4
Message: Broadcom NetXtreme Gigabit Ethernet for hp: The network link is down. Check to make sure the network cable is properly connected.

Record Number: 28751
Source Name: b57w2k
Time Written: 20090731215432.000000-300
Event Type: warning
User:

Computer Name: CUSTOMER
Event Code: 3023
Message: The Logical Disk Manager Service failed while registering for device handle notifications on device \\?\ide#cdromhl-dt-st_cd-rw_gce-8483b________________1.05____#5&1e49b59c&0&0.0.0#{53f5630d-b6bf-11d0-94f2-00a0c91efb8b}. Win32 Error: 1381.

Record Number: 28745
Source Name: LDMS
Time Written: 20090731215420.000000-300
Event Type: error
User:

=====Application event log=====

Computer Name: CUSTOMER
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: The specified server cannot perform the requested operation.


Record Number: 32
Source Name: crypt32
Time Written: 20090215080629.000000-360
Event Type: error
User:

Computer Name: CUSTOMER
Event Code: 8
Message: Failed auto update retrieval of third-party root list sequence number from: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt> with error: This operation returned because the timeout period expired.


Record Number: 31
Source Name: crypt32
Time Written: 20090215080629.000000-360
Event Type: error
User:

Computer Name: CUSTOMER
Event Code: 1000
Message: Faulting application iexplore.exe, version 7.0.6000.16762, faulting module flash9e.ocx, version 9.0.115.0, fault address 0x0013f879.

Record Number: 12
Source Name: Application Error
Time Written: 20090206151953.000000-360
Event Type: error
User:

Computer Name: CUSTOMER
Event Code: 1517
Message: Windows saved user CUSTOMER\Administrator registry while an application or service was still using the registry during log off. The memory used by the user's registry has not been freed. The registry will be unloaded when it is no longer in use.


This is often caused by services running as a user account, try configuring the services to run in either the LocalService or NetworkService account.

Record Number: 8
Source Name: Userenv
Time Written: 20090204110812.000000-360
Event Type: warning
User: NT AUTHORITY\SYSTEM

Computer Name: CUSTOMER
Event Code: 1000
Message: Faulting application itunes.exe, version 7.6.1.9, faulting module itunes.exe, version 7.6.1.9, fault address 0x000d45b9.

Record Number: 4
Source Name: Application Error
Time Written: 20090201171329.000000-360
Event Type: error
User:

======Environment variables======

"ComSpec"=%SystemRoot%\system32\cmd.exe
"Path"=%systemroot%\system32;%systemroot%;%systemroot%\system32\wbem;C:\Program Files\QuickTime\QTSystem
"windir"=%SystemRoot%
"FP_NO_HOST_CHECK"=NO
"OS"=Windows_NT
"PROCESSOR_ARCHITECTURE"=x86
"PROCESSOR_LEVEL"=15
"PROCESSOR_IDENTIFIER"=x86 Family 15 Model 3 Stepping 4, GenuineIntel
"PROCESSOR_REVISION"=0304
"NUMBER_OF_PROCESSORS"=1
"PATHEXT"=.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH
"TEMP"=%SystemRoot%\TEMP
"TMP"=%SystemRoot%\TEMP
"CLASSPATH"=.;C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip
"QTJAVA"=C:\Program Files\Java\jre1.6.0_03\lib\ext\QTJava.zip

-----------------EOF-----------------

[catalia]

I forgot to mention, I was not able to accomplish the "First Step" to uncheck Resident Protection in Spy Bot. I do not have a Spybot Icon in the system tray. I am running version 1.5

I was able to complete the second step.


First step:

* Right-click the Spybot Icon in the System Tray (looks like a blue/white calendar with a padlock symbol)
* If you have the new version 1.5, Click once on Resident Protection, then Right click the Spybot icon again and make sure Resident Protection is now Unchecked. The Spybot icon in the System tray should now be now colorless.
* If you have Version 1.4, Click on Exit Spybot S&D Resident

Second step, For Either Version :

* Open Spybot S&D
* Click Mode, choose Advanced Mode
* Go To the bottom of the Vertical Panel on the Left, Click Tools
* then, also in left panel, click Resident shows a red/white shield.
* If your firewall raises a question, say OK
* In the Resident protection status frame, Uncheck the box labeled Resident "Tea-Timer"(Protection of over-all system settings) active
* OK any prompts.
* Use File, Exit to terminate Spybot
* Reboot your machine for the changes to take effect.

[muppy03]

1. Is it Trend Micro giving you the message?


Open Hijack This and select Do a System Scan Only place a check next to the below lines if still present

O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k

Once selected close all windows except HJT an click on Fix Checked

NEXT GMER

• Download GMER by GMER from one of the links below:
  Link1
  Link2
• Unzip it to a folder on your desktop
• Double click on gmer.exe to launch GMER
• If asked, allow the gmer.sys driver load
• If it warns you about rootkit activity and asks if you want to run scan, click OK
• If you don't get a warning then
  
  
  
  • Click the rootkit tab
  • Click Scan
• Once the scan has finished, click copy
• Paste the log into notepad using Ctrl+V
• Save it to your desktop as gmerrk.txt
• Click on the >>> tab
• This will open up the rest of the tabs for you
• Click on the Autostart tab
• Click on Scan
• Once the scan has finished, click copy
• Paste the log into notepad using Ctrl+V
• Save it to your desktop as gmerautos.txt
• Copy and paste the contents of gmerautos.txt and gmerrk.txt as a reply to this topic

Please reply with:-

• 2 x GMER Logs

[catalia]

No, it is a MS Windows dialog box see attached jpg.

Error Message.jpg

Here are the GMER logs:

GMERRK:

GMER 1.0.15.15077 [gmer.exe] - http://www.gmer.net
Rootkit scan 2009-08-17 19:47:13
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

Code 82F8E5D8 ZwEnumerateKey
Code 82DB6F98 ZwFlushInstructionCache
Code 82F8E436 IofCallDriver
Code 82F24BF6 IofCompleteRequest

---- Kernel code sections - GMER 1.0.15 ----

.text ntoskrnl.exe!IofCallDriver 804E37C5 5 Bytes JMP 82F8E43B
.text ntoskrnl.exe!IofCompleteRequest 804E3BF6 5 Bytes JMP 82F24BFB
PAGE ntoskrnl.exe!ZwEnumerateKey 80570D64 5 Bytes JMP 82F8E5DC
PAGE ntoskrnl.exe!ZwFlushInstructionCache 80577693 5 Bytes JMP 82DB6F9C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Tcp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\Udp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)
AttachedDevice \Driver\Tcpip \Device\RawIp tmtdi.sys (Trend Micro TDI Driver (i386-fre)/Trend Micro Inc.)

---- EOF - GMER 1.0.15 ----

GMAUTOS:

GMER 1.0.15.15077 - http://www.gmer.net
Autostart scan 2009-08-17 19:48:50
Windows 5.1.2600 Service Pack 3


HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems@Windows = %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,3072,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ProfileControl=Off MaxRequestThreads=16

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon@Userinit = C:\WINDOWS\system32\userinit.exe,

HKLM\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\ >>>
dimsntfy@DLLName = %SystemRoot%\System32\dimsntfy.dll
igfxcui@DLLName = igfxdev.dll
LBTWlgn@DLLName = c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
WgaLogon@DLLName = WgaLogon.dll

HKLM\SYSTEM\CurrentControlSet\Services\ >>>
Apple Mobile Device@ = "C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe"
Bonjour Service@ = "C:\Program Files\Bonjour\mDNSResponder.exe"
ScsiPort@ = %SystemRoot%\system32\drivers\scsiport.sys
SfCtlCom@ = "C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe"
SoundMAX Agent Service (default)@ = C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
TMBMServer@ = "C:\Program Files\Trend Micro\BM\TMBMSRV.exe" /service
TmPfw@ = "C:\Program Files\Trend Micro\Internet Security\TmPfw.exe"
TmProxy@ = "C:\Program Files\Trend Micro\Internet Security\TmProxy.exe"

HKLM\Software\Microsoft\Windows\CurrentVersion\Run >>>
@IMJPMIG8.1"C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32 = "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
@PHIME2002ASyncC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
@PHIME2002AC:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName = C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
@SmappC:\Program Files\Analog Devices\SoundMAX\SMTray.exe = C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
@DrvLsnrC:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe = C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
@EPSON Stylus Photo RX500C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500" = C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
@SunJavaUpdateSched"C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" = "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
@Adobe Reader Speed Launcher"C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" = "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
@TkBellExe"C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot = "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
@QuickTime Task"C:\Program Files\QuickTime\qttask.exe" -atboottime = "C:\Program Files\QuickTime\qttask.exe" -atboottime
@iTunesHelper"C:\Program Files\iTunes\iTunesHelper.exe" = "C:\Program Files\iTunes\iTunesHelper.exe"
@UfSeAgnt.exe"C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe" = "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
@Kernel and Hardware Abstraction LayerKHALMNPR.EXE = KHALMNPR.EXE
@igfxtrayC:\WINDOWS\system32\igfxtray.exe = C:\WINDOWS\system32\igfxtray.exe
@igfxhkcmdC:\WINDOWS\system32\hkcmd.exe = C:\WINDOWS\system32\hkcmd.exe
@igfxpersC:\WINDOWS\system32\igfxpers.exe = C:\WINDOWS\system32\igfxpers.exe

HKCU\Software\Microsoft\Windows\CurrentVersion\Run >>>
@ctfmon.exeC:\WINDOWS\system32\ctfmon.exe = C:\WINDOWS\system32\ctfmon.exe
@OEC:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe = C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
@Advanced SystemCare 3"C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup = "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup

HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad@WPDShServiceObj = C:\WINDOWS\system32\WPDShServiceObj.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved >>>
@{42071714-76d4-11d1-8b24-00a0c9068ff3} /*Display Panning CPL Extension*/(null) =
@{596AB062-B4D2-4215-9F74-E9109B0A8153} /*Previous Versions Property Page*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{9DB7A13C-F208-4981-8353-73CC61AE2783} /*Previous Versions*/C:\WINDOWS\system32\twext.dll = C:\WINDOWS\system32\twext.dll
@{30D02401-6A81-11d0-8274-00C04FD5AE38} /*IE Search Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E7E4BC40-E76A-11CE-A9BB-00AA004AE837} /*Shell DocObject Viewer*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FBF23B40-E3F0-101B-8488-00AA003E56F8} /*InternetShortcut*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3C374A40-BAE4-11CF-BF7D-00AA006946EE} /*Microsoft Url History Service*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FF393560-C2A7-11CF-BFF4-444553540000} /*History*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E00-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{7BD29E01-76C1-11CF-9DD0-00A0C9034933} /*Temporary Internet Files*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{CFBFAE00-17A6-11D0-99CB-00C04FD64497} /*Microsoft Url Search Hook*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3DC7A020-0ACD-11CF-A9BB-00AA004AE837} /*The Internet*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{871C5380-42A0-1069-A2EA-08002B30309D} /*Internet Name Space*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{00E7B358-F65B-4dcf-83DF-CD026B94BFD4} /*Autoplay for SlideShow*/(null) =
@{692F0339-CBAA-47e6-B5B5-3B84DB604E87} /*Extensions Manager Folder*/C:\WINDOWS\system32\extmgr.dll = C:\WINDOWS\system32\extmgr.dll
@{0006F045-0000-0000-C000-000000000046} /*Microsoft Outlook Custom Icon Handler*/C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL = C:\PROGRA~1\MICROS~2\Office\OLKFSTUB.DLL
@{F0CB00CD-5A07-4D91-97F5-A8C92CDA93E4} /*Shell Extensions for RealOne Player*/C:\Program Files\Real\RealPlayer\rpshell.dll = C:\Program Files\Real\RealPlayer\rpshell.dll
@{07C45BB1-4A8C-4642-A1F5-237E7215FF66} /*IE Microsoft BrowserBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{1C1EDB47-CE22-4bbb-B608-77B48F83C823} /*IE Fade Task*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{205D7A97-F16D-4691-86EF-F3075DCCA57D} /*IE Menu Desk Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{3028902F-6374-48b2-8DC6-9725E775B926} /*IE AutoComplete*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{43886CD5-6529-41c4-A707-7B3C92C05E68} /*IE Navigation Bar*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{44C76ECD-F7FA-411c-9929-1B77BA77F524} /*IE Menu Site*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{4B78D326-D922-44f9-AF2A-07805C2A3560} /*IE Menu Band*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6038EF75-ABFC-4e59-AB6F-12D397F6568D} /*IE Microsoft History AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6B4ECC4F-16D1-4474-94AB-5A763F2A54AE} /*IE Tracking Shell Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{6CF48EF8-44CD-45d2-8832-A16EA016311B} /*IE IShellFolderBand*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{73CFD649-CD48-4fd8-A272-2070EA56526B} /*IE BandProxy*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{98FF6D4B-6387-4b0a-8FBD-C5C4BB17B4F8} /*IE MRU AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9A096BB5-9DC3-4D1C-8526-C3CBF991EA4E} /*IE RSS Feeder Folder*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{9D958C62-3954-4b44-8FAB-C4670C1DB4C2} /*IE Microsoft Shell Folder AutoComplete List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B31C5FAE-961F-415b-BAF0-E697A5178B94} /*IE Microsoft Multiple AutoComplete List Container*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BC476F4C-D9D7-4100-8D4E-E043F6DEC409} /*Microsoft Browser Architecture*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{BFAD62EE-9D54-4b2a-BF3B-76F90697BD2A} /*IE Shell Rebar BandSite*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{E6EE9AAC-F76B-4947-8260-A9F136138E11} /*IE Shell Band Site Menu*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F2CF5485-4E02-4f68-819C-B92DE9277049} /*&Links*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{F83DAC1C-9BB9-4f2b-B619-09819DA81B0E} /*IE Registry Tree Options Utility*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FAC3CBF6-8697-43d0-BAB9-DCD1FCE19D75} /*IE User Assist*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{FDE7673D-2E19-4145-8376-BBD58C4BC7BA} /*IE Custom MRU AutoCompleted List*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} /*iTunes*/C:\Program Files\iTunes\iTunesMiniPlayer.dll = C:\Program Files\iTunes\iTunesMiniPlayer.dll
@{48F45200-91E6-11CE-8A4F-0080C81A28D4} /*TMD Shell Extension*/C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll
@{771A9DA0-731A-11CE-993C-00AA004ADB6C} /*VBPropSheet*/C:\Program Files\Trend Micro\Internet Security\VBProp.dll = C:\Program Files\Trend Micro\Internet Security\VBProp.dll
@{35786D3C-B075-49b9-88DD-029876E11C01} /*Portable Devices*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{D6791A63-E7E2-4fee-BF52-5DED8E86E9B8} /*Portable Devices Menu*/%SystemRoot%\system32\wpdshext.dll = %SystemRoot%\system32\wpdshext.dll
@{DC70C4A5-2044-4c59-B806-DEFB9AE0DF7C} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\kbcplext.dll = C:\Program Files\Logitech\SetPoint\kbcplext.dll
@{B9B9F083-2B04-452A-8691-83694AC1037B} /*Logitech Setpoint Extension*/C:\Program Files\Logitech\SetPoint\mcplext.dll = C:\Program Files\Logitech\SetPoint\mcplext.dll
@{B41DB860-8EE4-11D2-9906-E49FADC173CA} /*WinRAR shell extension*/C:\Program Files\WinRAR\rarext.dll = C:\Program Files\WinRAR\rarext.dll
@{11016101-E366-4D22-BC06-4ADA335C892B} /*IE History and Feeds Shell Data Source for Windows Search*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll
@{8856f961-340a-11d0-a96b-00c04fd705a2} /*Microsoft Web Browser*/C:\WINDOWS\system32\ieframe.dll = C:\WINDOWS\system32\ieframe.dll

HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved@{BDEADF00-C265-11d0-BCED-00A0C90AB50F} /*Web Folders*/ = C:\PROGRA~1\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL

HKLM\Software\Classes\*\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\*\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll

HKLM\Software\Classes\Directory\shellex\ContextMenuHandlers\WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers\ >>>
MBAMShlExt@{57CE581A-0CB6-4266-9CA0-19364C90A0B3} = C:\Program Files\Malwarebytes' Anti-Malware\mbamext.dll
WinRAR@{B41DB860-8EE4-11D2-9906-E49FADC173CA} = C:\Program Files\WinRAR\rarext.dll

HKLM\Software\Classes\Folder\shellex\ContextMenuHandlers@{48F45200-91E6-11CE-8A4F-0080C81A28D4} = C:\Program Files\Trend Micro\Internet Security\Tmdshell.dll

HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects >>>
@{06849E9F-C8D7-4D59-B87D-784B7D6BE0B3}C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll = C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
@{53707962-6F74-2D53-2644-206D7942484F}C:\PROGRA~1\SPYBOT~1\SDHelper.dll = C:\PROGRA~1\SPYBOT~1\SDHelper.dll
@{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll = C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll

HKCU\Control Panel\Desktop@SCRNSAVE.EXE = C:\WINDOWS\system32\ss3dfo.scr

HKLM\Software\Microsoft\Internet Explorer\Main >>>
@Default_Page_URLhttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Start Pagehttp://go.microsoft.com/fwlink/?LinkId=69157 = http://go.microsoft.com/fwlink/?LinkId=69157
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKCU\Software\Microsoft\Internet Explorer\Main >>>
@Start Pagehttp://www.google.com/ = http://www.google.com/
@Local PageC:\WINDOWS\system32\blank.htm = C:\WINDOWS\system32\blank.htm

HKLM\Software\Classes\PROTOCOLS\Handler\ >>>
dvd@CLSID = C:\WINDOWS\system32\msvidctl.dll
its@CLSID = C:\WINDOWS\system32\itss.dll
mhtml@CLSID = %SystemRoot%\system32\inetcomm.dll
ms-its@CLSID = C:\WINDOWS\system32\itss.dll
tv@CLSID = C:\WINDOWS\system32\msvidctl.dll
wia@CLSID = C:\WINDOWS\system32\wiascr.dll

HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000004@LibraryPath = C:\Program Files\Bonjour\mdnsNSP.dll

C:\Documents and Settings\All Users\Start Menu\Programs\Startup >>>
Logitech SetPoint.lnk = Logitech SetPoint.lnk
Microsoft Office.lnk = Microsoft Office.lnk

---- EOF - GMER 1.0.15 ----

[muppy03]

Download and run Combofix
This tool is not a toy and not for everyday use.
ComboFix SHOULD NOT be used unless requested by a forum helper

Please download ComboFix from one of these locations:

Link 1
Link 2
Link 3

* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools.
• If you need help to disable your protection programs see here.
• Double click on ComboFix.exe & follow the prompts.
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:


Click on Yes, to continue scanning for malware.

When finished, it will produce a log for you. Please include the C:\ComboFix.txt in your next reply along with a fresh HijackThis log.

If you need help, see this link:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Please reply with:-

• Combofix log
• New HJT log
  

[catalia]

Okey dokey! While Combofix was running I had to clear a few dozen "Bad Image" messages, but Combofix finally ran. Combofix found rootkit activity and had to reboot. I did not get any more messages after the reboot and the offending files in c:windows\system32 appeared to have been deleted.

Here are the log files

Combofix:

ComboFix 09-08-19.01 - Administrator 08/19/2009 20:17.2.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.503.208 [GMT -5:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Trend Micro Internet Security *On-access scanning disabled* (Updated) {7D2296BC-32CC-4519-917E-52E652474AF5}
FW: Trend Micro Personal Firewall *enabled* {3E790E9E-6A5D-4303-A7F9-185EC20F3EB6}
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\drivers\hjgruidnneebrn.sys
c:\windows\system32\hjgruigqukoodc.dat
c:\windows\system32\hjgruihehaehmi.dll
c:\windows\system32\hjgruiutrjmujx.dat
c:\windows\system32\hjgruiuulwslhn.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_hjgruigsqyrjxo
-------\Legacy_hjgruigsqyrjxo


((((((((((((((((((((((((( Files Created from 2009-07-20 to 2009-08-20 )))))))))))))))))))))))))))))))
.

2009-08-16 18:57 . 2009-08-16 18:57 -------- d-----w- C:\rsit
2009-08-16 03:27 . 2009-08-16 03:27 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-08-16 03:27 . 2009-08-03 18:36 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-08-16 03:27 . 2009-08-16 03:27 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-16 03:27 . 2009-08-16 03:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-08-16 03:27 . 2009-08-03 18:36 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-08-12 05:30 . 2009-07-10 13:27 1315328 -c----w- c:\windows\system32\dllcache\msoe.dll
2009-08-05 09:01 . 2009-08-05 09:01 204800 -c----w- c:\windows\system32\dllcache\mswebdvd.dll
2009-07-30 13:16 . 2009-07-30 13:16 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-30 13:16 . 2009-07-30 13:16 -------- d-----w- c:\program files\NOS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-12 02:09 . 2008-10-18 22:23 -------- d-----w- c:\program files\Trend Micro
2009-08-08 12:23 . 2008-05-30 04:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-08 12:18 . 2008-05-30 04:19 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-05 09:01 . 2004-08-04 12:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 20:01 . 2009-05-14 01:54 -------- d-----w- c:\program files\RegScrubXP
2009-08-01 17:25 . 2009-07-14 17:16 10752 ----a-w- c:\windows\DCEBoot.exe
2009-07-17 19:01 . 2004-08-04 12:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-14 04:43 . 2004-08-04 12:00 286208 ----a-w- c:\windows\system32\wmpdxm.dll
2009-07-03 17:09 . 2004-08-04 12:00 915456 ----a-w- c:\windows\system32\wininet.dll
2009-07-02 03:45 . 2009-07-02 03:45 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-07-02 03:45 . 2009-07-02 03:45 -------- d-----w- c:\program files\IObit
2009-06-25 08:25 . 2004-08-04 12:00 730112 ----a-w- c:\windows\system32\lsasrv.dll
2009-06-25 08:25 . 2004-08-04 12:00 56832 ----a-w- c:\windows\system32\secur32.dll
2009-06-25 08:25 . 2004-08-04 12:00 54272 ----a-w- c:\windows\system32\wdigest.dll
2009-06-25 08:25 . 2004-08-04 12:00 301568 ----a-w- c:\windows\system32\kerberos.dll
2009-06-25 08:25 . 2004-08-04 12:00 147456 ----a-w- c:\windows\system32\schannel.dll
2009-06-25 08:25 . 2004-08-04 12:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-06-24 11:18 . 2004-08-04 12:00 92928 ----a-w- c:\windows\system32\drivers\ksecdd.sys
2009-06-16 14:36 . 2004-08-04 12:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2004-08-04 12:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-12 12:31 . 2004-08-04 12:00 80896 ----a-w- c:\windows\system32\tlntsess.exe
2009-06-12 12:31 . 2004-08-04 12:00 76288 ----a-w- c:\windows\system32\telnet.exe
2009-06-10 14:19 . 2006-12-12 14:59 2066432 ----a-w- c:\windows\system32\mstscax.dll
2009-06-10 14:13 . 2004-08-04 12:00 84992 ----a-w- c:\windows\system32\avifil32.dll
2009-06-10 06:14 . 2004-08-04 12:00 132096 ----a-w- c:\windows\system32\wkssvc.dll
2009-06-03 19:09 . 2004-08-04 12:00 1291264 ----a-w- c:\windows\system32\quartz.dll
2009-06-03 15:11 . 2009-06-03 15:11 390664 ----a-w- c:\documents and settings\Administrator\Application Data\Real\RealPlayer\Update\RealPlayer11.exe
2009-05-22 08:02 . 2008-10-18 22:22 225296 ----a-w- c:\windows\system32\drivers\tmxpflt.sys
2009-05-22 08:00 . 2008-10-18 22:22 36368 ----a-w- c:\windows\system32\drivers\tmpreflt.sys
2009-05-22 07:45 . 2008-10-18 22:22 1220120 ----a-w- c:\windows\system32\drivers\vsapint.sys
.

((((((((((((((((((((((((((((( SnapShot@2009-06-03_15.33.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2003-02-21 10:16 . 2003-02-21 10:16 49152 c:\windows\system32\URTTemp\regtlib.exe
+ 2009-06-03 17:42 . 2003-02-21 00:09 77824 c:\windows\system32\URTTemp\mscorsn.dll
+ 2009-06-03 17:44 . 2005-09-20 16:35 94208 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxtray.exe
+ 2009-06-03 17:44 . 2005-09-20 16:32 57344 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.dll
+ 2009-06-03 17:44 . 2005-09-20 16:36 94208 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxext.exe
+ 2009-06-03 17:44 . 2005-09-20 16:36 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxexps.dll
+ 2009-06-03 17:44 . 2005-09-20 16:32 86016 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxdo.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuTRK.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuTHA.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuSVE.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuRUS.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuPTG.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuPTB.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuPLK.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuNOR.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuNLD.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuKOR.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuJPN.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuITA.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuHUN.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuHEB.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuFRC.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuFRA.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuFIN.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuESP.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuENG.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuELL.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuDEU.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuDAN.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuCSY.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuCHT.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuCHS.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuARB.dll
+ 2009-06-03 17:44 . 2005-09-20 16:37 40960 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmuARA.dll
+ 2009-06-03 17:44 . 2005-09-20 16:52 36990 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmrnt5.dll
+ 2009-06-03 17:44 . 2005-09-20 16:52 49152 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmrem.dll
+ 2009-06-03 17:44 . 2005-09-20 16:52 61440 c:\windows\system32\ReinstallBackups\0013\DriverFiles\iAlmCoIn.dll
+ 2009-06-03 17:44 . 2005-09-20 16:32 77824 c:\windows\system32\ReinstallBackups\0013\DriverFiles\hkcmd.exe
+ 2009-06-03 17:44 . 2005-09-20 16:31 73728 c:\windows\system32\ReinstallBackups\0013\DriverFiles\hccutils.dll
+ 2004-08-04 12:00 . 2009-06-06 01:52 52968 c:\windows\system32\perfc009.dat
+ 2003-02-21 00:16 . 2003-02-21 00:16 32768 c:\windows\system32\netfxperf.dll
- 2007-08-14 00:54 . 2009-03-08 09:31 55296 c:\windows\system32\msfeedsbs.dll
+ 2007-08-14 00:54 . 2009-07-03 17:09 55296 c:\windows\system32\msfeedsbs.dll
+ 2004-07-15 04:34 . 2004-07-15 04:34 16896 c:\windows\system32\mscorier.dll
+ 2009-06-06 02:49 . 2009-06-30 03:22 84661 c:\windows\system32\Macromed\Flash\uninstall_plugin.exe
+ 2009-05-16 11:58 . 2009-07-30 13:26 88590 c:\windows\system32\Macromed\Flash\uninstall_activeX.exe
+ 2004-08-04 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\jsproxy.dll
- 2004-08-04 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\jsproxy.dll
- 2005-09-20 16:36 . 2005-09-20 16:36 94208 c:\windows\system32\igfxext.exe
+ 2005-09-20 16:36 . 2005-09-20 14:36 94208 c:\windows\system32\igfxext.exe
- 2005-09-20 16:36 . 2005-09-20 16:36 40960 c:\windows\system32\igfxexps.dll
+ 2005-09-20 16:36 . 2005-09-20 14:36 40960 c:\windows\system32\igfxexps.dll
+ 2005-09-20 16:32 . 2005-09-20 14:32 86016 c:\windows\system32\igfxdo.dll
- 2005-09-20 16:32 . 2005-09-20 16:32 86016 c:\windows\system32\igfxdo.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuTRK.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuTRK.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuTHA.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuTHA.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuSVE.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuSVE.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuRUS.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuRUS.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuPTG.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuPTG.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuPTB.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuPTB.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuPLK.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuPLK.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuNOR.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuNOR.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuNLD.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuNLD.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuKOR.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuKOR.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuJPN.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuJPN.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuITA.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuITA.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuHUN.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuHUN.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuHEB.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuHEB.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuFRC.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuFRC.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuFRA.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuFRA.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuFIN.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuFIN.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuESP.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuESP.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuENG.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuENG.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuELL.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuELL.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuDEU.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuDEU.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuDAN.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuDAN.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuCSY.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuCSY.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuCHT.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuCHT.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuCHS.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuCHS.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuARB.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuARB.dll
- 2005-09-20 16:37 . 2005-09-20 16:37 40960 c:\windows\system32\ialmuARA.dll
+ 2005-09-20 16:37 . 2005-09-20 14:37 40960 c:\windows\system32\ialmuARA.dll
- 2005-09-20 16:52 . 2005-09-20 16:52 49152 c:\windows\system32\ialmrem.dll
+ 2005-09-20 16:52 . 2005-09-20 14:52 49152 c:\windows\system32\ialmrem.dll
+ 2009-06-10 03:12 . 2009-07-03 17:09 12800 c:\windows\system32\dllcache\xpshims.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 54272 c:\windows\system32\dllcache\wdigest.dll
+ 2009-06-12 12:31 . 2009-06-12 12:31 80896 c:\windows\system32\dllcache\tlntsess.exe
+ 2009-06-12 12:31 . 2009-06-12 12:31 76288 c:\windows\system32\dllcache\telnet.exe
+ 2009-02-03 19:59 . 2009-06-25 08:25 56832 c:\windows\system32\dllcache\secur32.dll
- 2009-02-03 19:59 . 2009-02-03 19:59 56832 c:\windows\system32\dllcache\secur32.dll
+ 2008-02-25 06:14 . 2009-07-03 17:09 55296 c:\windows\system32\dllcache\msfeedsbs.dll
- 2008-02-25 06:14 . 2009-03-08 09:31 55296 c:\windows\system32\dllcache\msfeedsbs.dll
+ 2009-06-24 11:18 . 2009-06-24 11:18 92928 c:\windows\system32\dllcache\ksecdd.sys
+ 2004-08-04 12:00 . 2009-07-03 17:09 25600 c:\windows\system32\dllcache\jsproxy.dll
- 2004-08-04 12:00 . 2009-03-08 09:33 25600 c:\windows\system32\dllcache\jsproxy.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 81920 c:\windows\system32\dllcache\fontsub.dll
+ 2009-06-10 14:13 . 2009-06-10 14:13 84992 c:\windows\system32\dllcache\avifil32.dll
+ 2009-07-17 19:01 . 2009-07-17 19:01 58880 c:\windows\system32\dllcache\atl.dll
+ 2009-03-31 03:52 . 2009-07-09 09:40 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2009-03-31 03:52 . 2009-03-31 03:52 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2009-03-31 03:52 . 2009-07-09 09:40 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2009-03-31 03:52 . 2009-03-31 03:52 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-12-17 21:11 . 2009-03-31 03:52 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2007-12-17 21:11 . 2009-07-09 09:40 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-07-15 07:11 . 2004-07-15 07:11 31744 c:\windows\Microsoft.NET\Framework\v1.1.4322\WMINet_Utils.dll
+ 2004-06-22 18:51 . 2004-06-22 18:51 53248 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\hotfix.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 57344 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.RegularExpressions.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Security.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 66560 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.Thunk.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.Design.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 90112 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.DirectoryServices.dll
+ 2003-02-21 12:26 . 2003-02-21 12:26 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Configuration.Install.dll
+ 2004-07-15 05:34 . 2004-07-15 05:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_PerfCounter.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_mscorsn.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_CORPerfMonExt.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegSvcs.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegCode.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\RegAsm.exe
+ 2004-07-15 05:34 . 2004-07-15 05:34 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\PerfCounter.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\ngen.exe
+ 2007-01-15 21:11 . 2007-01-15 21:11 73728 c:\windows\Microsoft.NET\Framework\v1.1.4322\netfxupdate.exe
+ 2003-02-20 23:43 . 2003-02-20 23:43 22528 c:\windows\Microsoft.NET\Framework\v1.1.4322\MUI\0409\mscorsecr.dll
+ 2003-02-21 00:18 . 2003-02-21 00:18 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\mtxoci8.dll
+ 2007-04-14 01:58 . 2007-04-14 01:58 77824 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsn.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsec.dll
+ 2003-02-21 00:06 . 2003-02-21 00:06 65536 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorpe.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorie.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 86016 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbc.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPolWin.exe
+ 2004-07-15 19:28 . 2004-07-15 19:28 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\MigPol.exe
+ 2003-02-21 12:25 . 2003-02-21 12:25 11264 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.Vsa.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\jsc.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 26112 c:\windows\Microsoft.NET\Framework\v1.1.4322\ISymWrapper.dll
+ 2003-02-21 00:22 . 2003-02-21 00:22 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtilLib.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 15872 c:\windows\Microsoft.NET\Framework\v1.1.4322\InstallUtil.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEHost.dll
+ 2003-10-08 19:30 . 2003-10-08 19:30 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\gacutil.exe
+ 2003-02-21 09:12 . 2003-02-21 09:12 28672 c:\windows\Microsoft.NET\Framework\v1.1.4322\cvtres.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 33792 c:\windows\Microsoft.NET\Framework\v1.1.4322\CustomMarshalers.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 12288 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscompmgd.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\csc.exe
+ 2007-04-14 01:57 . 2007-04-14 01:57 81920 c:\windows\Microsoft.NET\Framework\v1.1.4322\CORPerfMonExt.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 49152 c:\windows\Microsoft.NET\Framework\v1.1.4322\ConfigWizards.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\CasPol.exe
+ 2007-04-14 02:30 . 2007-04-14 02:30 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_wp.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 32768 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe
+ 2004-07-15 06:49 . 2004-07-15 06:49 20480 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_regiis.exe
+ 2003-02-21 00:19 . 2003-02-21 00:19 40960 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_rc.dll
+ 2003-02-21 00:19 . 2003-02-21 00:19 24576 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_filter.dll
+ 2003-02-21 10:00 . 2003-02-21 10:00 98304 c:\windows\Microsoft.NET\Framework\v1.1.4322\alink.dll
+ 2003-02-21 08:55 . 2003-02-21 08:55 94208 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\cscompui.dll
+ 2003-02-21 07:59 . 2003-02-21 07:59 16896 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\alinkui.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 57344 c:\windows\Microsoft.NET\Framework\NETFXSBS10.exe
+ 2009-07-29 08:00 . 2009-04-30 21:22 12800 c:\windows\ie8updates\KB972260-IE8\xpshims.dll
+ 2009-07-29 08:00 . 2009-03-08 09:31 55296 c:\windows\ie8updates\KB972260-IE8\msfeedsbs.dll
+ 2009-07-29 08:00 . 2009-04-30 21:22 25600 c:\windows\ie8updates\KB972260-IE8\jsproxy.dll
+ 2009-06-10 08:03 . 2009-03-08 09:33 12288 c:\windows\ie8updates\KB969897-IE8\xpshims.dll
+ 2009-06-10 08:03 . 2009-03-08 09:33 25600 c:\windows\ie8updates\KB969897-IE8\jsproxy.dll
+ 2009-06-07 08:01 . 2009-06-07 08:01 90112 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a_891d7b1b\System.Drawing.Design.dll
+ 2009-06-07 08:01 . 2009-06-07 08:01 61440 c:\windows\assembly\NativeImages1_v1.1.4322\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a_d8ea41a8\CustomMarshalers.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 57344 c:\windows\assembly\GAC\System.Web.RegularExpressions\1.0.5000.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 77824 c:\windows\assembly\GAC\System.Security\1.0.5000.0__b03f5f7f11d50a3a\System.Security.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 66560 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.Thunk.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 65536 c:\windows\assembly\GAC\System.Drawing.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
+ 2009-06-06 01:53 . 2009-06-06 01:53 90112 c:\windows\assembly\GAC\System.DirectoryServices\1.0.5000.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 77824 c:\windows\assembly\GAC\System.Configuration.Install\1.0.5000.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 32768 c:\windows\assembly\GAC\Regcode\1.0.5000.0__b03f5f7f11d50a3a\RegCode.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 32768 c:\windows\assembly\GAC\Microsoft.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 11264 c:\windows\assembly\GAC\Microsoft.Vsa.Vb.CodeDOMProcessor\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 28672 c:\windows\assembly\GAC\Microsoft.VisualBasic.Vsa\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 26112 c:\windows\assembly\GAC\ISymWrapper\1.0.5000.0__b03f5f7f11d50a3a\ISymWrapper.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 32768 c:\windows\assembly\GAC\IEHost\1.0.5000.0__b03f5f7f11d50a3a\IEHost.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 33792 c:\windows\assembly\GAC\CustomMarshalers\1.0.5000.0__b03f5f7f11d50a3a\CustomMarshalers.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 12288 c:\windows\assembly\GAC\cscompmgd\7.0.5000.0__b03f5f7f11d50a3a\cscompmgd.dll
+ 2009-07-16 08:00 . 2008-04-14 00:11 80896 c:\windows\$NtUninstallKB961371$\fontsub.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB973346\update\spcustom.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB973346\spmsg.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB971633\update\spcustom.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB971633\spmsg.dll
+ 2009-06-03 17:45 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB971180-IE8\update\spcustom.dll
+ 2009-06-03 17:45 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB971180-IE8\spmsg.dll
+ 2009-06-10 08:01 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB970238\update\spcustom.dll
+ 2009-06-10 08:01 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB970238\spmsg.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969898\update\spcustom.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969898\spmsg.dll
+ 2009-06-10 08:03 . 2007-11-30 12:39 26488 c:\windows\$hf_mig$\KB969897-IE8\update\spcustom.dll
+ 2009-06-10 08:03 . 2007-11-30 12:39 17272 c:\windows\$hf_mig$\KB969897-IE8\spmsg.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 12800 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\xpshims.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 25600 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\jsproxy.dll
+ 2009-06-10 08:01 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB968537\update\spcustom.dll
+ 2009-06-10 08:01 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB968537\spmsg.dll
+ 2009-06-10 08:03 . 2008-07-09 07:38 26488 c:\windows\$hf_mig$\KB961501\update\spcustom.dll
+ 2009-06-10 08:03 . 2008-07-09 07:38 17272 c:\windows\$hf_mig$\KB961501\spmsg.dll
+ 2009-07-16 08:00 . 2008-07-08 13:02 26488 c:\windows\$hf_mig$\KB961371\update\spcustom.dll
+ 2009-07-16 08:00 . 2008-07-08 13:02 17272 c:\windows\$hf_mig$\KB961371\spmsg.dll
+ 2009-06-16 14:43 . 2009-06-16 14:43 81920 c:\windows\$hf_mig$\KB961371\SP3QFE\fontsub.dll
+ 2006-12-22 18:02 . 2006-12-22 18:02 6144 c:\windows\system32\mui\0409\mscorees.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 4096 c:\windows\system32\mui\0409\mscoreer.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 9216 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscortim.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6656 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft_VsaVb.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 6144 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualC.Dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 4608 c:\windows\Microsoft.NET\Framework\v1.1.4322\IIEHost.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 8192 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExecRemote.dll
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\IEExec.exe
+ 2003-02-21 12:24 . 2003-02-21 12:24 7680 c:\windows\Microsoft.NET\Framework\v1.1.4322\Accessibility.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 5120 c:\windows\Microsoft.NET\Framework\sbscmp10.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_wminet_utils.dll
+ 2002-06-27 17:45 . 2002-06-27 17:45 5120 c:\windows\Microsoft.NET\Framework\sbs_VsaVb7rt.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.enterpriseservices.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.data.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_system.configuration.install.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorsec.dll
+ 2002-07-19 16:52 . 2002-07-19 16:52 5120 c:\windows\Microsoft.NET\Framework\sbs_mscorrc.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_mscordbi.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5632 c:\windows\Microsoft.NET\Framework\sbs_microsoft.vsa.vb.codedomprocessor.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_microsoft.jscript.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_iehost.dll
+ 2002-05-14 14:42 . 2002-05-14 14:42 5120 c:\windows\Microsoft.NET\Framework\sbs_diasymreader.dll
+ 2009-06-03 17:45 . 2009-03-08 09:35 2048 c:\windows\ie8updates\KB971180-IE8\iecompat.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 6656 c:\windows\assembly\GAC\Microsoft_VsaVb\7.0.5000.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 6144 c:\windows\assembly\GAC\Microsoft.VisualC\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualC.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 4608 c:\windows\assembly\GAC\IIEHost\1.0.5000.0__b03f5f7f11d50a3a\IIEHost.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 8192 c:\windows\assembly\GAC\IEExecRemote\1.0.5000.0__b03f5f7f11d50a3a\IEExecRemote.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 7680 c:\windows\assembly\GAC\Accessibility\1.0.5000.0__b03f5f7f11d50a3a\Accessibility.dll
+ 2009-06-03 17:42 . 2003-02-21 09:42 348160 c:\windows\system32\URTTemp\msvcr71.dll
+ 2009-06-03 17:42 . 2003-02-21 00:06 155648 c:\windows\system32\URTTemp\mscoree.dll
+ 2009-06-03 17:42 . 2003-02-21 00:06 282624 c:\windows\system32\URTTemp\fusion.dll
+ 2004-08-04 12:00 . 2009-04-15 14:51 585216 c:\windows\system32\rpcrt4.dll
+ 2009-06-03 17:44 . 2005-09-20 16:44 524288 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igldev32.dll
+ 2009-06-03 17:44 . 2005-09-20 16:36 114688 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxzoom.exe
+ 2009-06-03 17:44 . 2005-09-20 16:32 159744 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxsrvc.exe
+ 2009-06-03 17:44 . 2005-09-20 16:35 147456 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxpph.dll
+ 2009-06-03 17:44 . 2005-09-20 16:36 114688 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxpers.exe
+ 2009-06-03 17:44 . 2005-09-20 16:31 135168 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxdev.dll
+ 2009-06-03 17:44 . 2005-09-20 16:35 446464 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxcfg.exe
+ 2009-06-03 17:44 . 2005-09-20 16:37 114688 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmudlg.exe
+ 2009-06-03 17:44 . 2005-09-20 16:52 118395 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmdnt5.dll
+ 2009-06-03 17:44 . 2005-09-20 16:52 213274 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmdev5.dll
+ 2009-06-03 17:44 . 2005-09-20 16:59 900218 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmdd5.dll
+ 2004-08-04 12:00 . 2009-06-06 01:52 380680 c:\windows\system32\perfh009.dat
+ 2004-08-04 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\occache.dll
- 2007-08-14 00:54 . 2009-03-08 09:32 594432 c:\windows\system32\msfeeds.dll
+ 2007-08-14 00:54 . 2009-07-03 17:09 594432 c:\windows\system32\msfeeds.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 106496 c:\windows\system32\mscories.dll
+ 2006-12-22 17:28 . 2006-12-22 17:28 271360 c:\windows\system32\mscoree.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 240544 c:\windows\system32\Macromed\Flash\NPSWF32_FlashUtil.exe
+ 2004-08-04 12:00 . 2009-05-07 15:32 345600 c:\windows\system32\localspl.dll
+ 2005-09-20 16:44 . 2005-09-20 14:44 524288 c:\windows\system32\igldev32.dll
- 2005-09-20 16:44 . 2005-09-20 16:44 524288 c:\windows\system32\igldev32.dll
- 2005-09-20 16:36 . 2005-09-20 16:36 114688 c:\windows\system32\igfxzoom.exe
+ 2005-09-20 16:36 . 2005-09-20 14:36 114688 c:\windows\system32\igfxzoom.exe
- 2005-09-20 16:32 . 2005-09-20 16:32 159744 c:\windows\system32\igfxsrvc.exe
+ 2005-09-20 16:32 . 2005-09-20 14:32 159744 c:\windows\system32\igfxsrvc.exe
- 2006-12-12 15:19 . 2005-09-20 16:31 135168 c:\windows\system32\igfxres.dll
+ 2009-06-03 18:59 . 2005-09-20 14:31 135168 c:\windows\system32\igfxres.dll
+ 2005-09-20 16:35 . 2005-09-20 14:35 147456 c:\windows\system32\igfxpph.dll
- 2005-09-20 16:35 . 2005-09-20 16:35 147456 c:\windows\system32\igfxpph.dll
+ 2005-09-20 16:31 . 2005-09-20 14:31 135168 c:\windows\system32\igfxdev.dll
- 2005-09-20 16:31 . 2005-09-20 16:31 135168 c:\windows\system32\igfxdev.dll
- 2005-09-20 16:35 . 2005-09-20 16:35 446464 c:\windows\system32\igfxcfg.exe
+ 2005-09-20 16:35 . 2005-09-20 14:35 446464 c:\windows\system32\igfxcfg.exe
+ 2004-08-04 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\iepeers.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\iedkcs32.dll
- 2004-08-04 12:00 . 2009-03-08 09:32 173056 c:\windows\system32\ie4uinit.exe
+ 2004-08-04 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\ie4uinit.exe
+ 2005-09-20 16:37 . 2005-09-20 14:37 114688 c:\windows\system32\ialmudlg.exe
- 2005-09-20 16:37 . 2005-09-20 16:37 114688 c:\windows\system32\ialmudlg.exe
+ 2006-12-12 08:50 . 2009-06-10 08:10 177056 c:\windows\system32\FNTCACHE.DAT
- 2006-12-12 08:50 . 2009-03-31 03:52 177056 c:\windows\system32\FNTCACHE.DAT
+ 2004-08-04 12:00 . 2009-07-14 04:43 286208 c:\windows\system32\dllcache\wmpdxm.dll
+ 2009-06-10 06:14 . 2009-06-10 06:14 132096 c:\windows\system32\dllcache\wkssvc.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 915456 c:\windows\system32\dllcache\wininet.dll
+ 2009-06-16 14:36 . 2009-06-16 14:36 119808 c:\windows\system32\dllcache\t2embed.dll
+ 2008-12-05 06:54 . 2009-06-25 08:25 147456 c:\windows\system32\dllcache\schannel.dll
+ 2009-04-15 14:51 . 2009-04-15 14:51 585216 c:\windows\system32\dllcache\rpcrt4.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 206848 c:\windows\system32\dllcache\occache.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll
- 2008-02-25 06:14 . 2009-03-08 09:32 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2008-02-25 06:14 . 2009-07-03 17:09 594432 c:\windows\system32\dllcache\msfeeds.dll
+ 2009-04-16 08:41 . 2009-06-25 08:25 730112 c:\windows\system32\dllcache\lsasrv.dll
+ 2009-05-07 15:32 . 2009-05-07 15:32 345600 c:\windows\system32\dllcache\localspl.dll
+ 2009-06-25 08:25 . 2009-06-25 08:25 301568 c:\windows\system32\dllcache\kerberos.dll
+ 2009-06-10 03:12 . 2009-07-03 17:09 246272 c:\windows\system32\dllcache\ieproxy.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 184320 c:\windows\system32\dllcache\iepeers.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 386048 c:\windows\system32\dllcache\iedkcs32.dll
+ 2009-06-03 17:42 . 2009-05-12 05:11 102912 c:\windows\system32\dllcache\iecompat.dll
+ 2004-08-04 12:00 . 2009-07-03 11:01 173056 c:\windows\system32\dllcache\ie4uinit.exe
- 2004-08-04 12:00 . 2009-03-08 09:32 173056 c:\windows\system32\dllcache\ie4uinit.exe
+ 2008-08-22 20:50 . 2004-08-04 12:00 366080 c:\windows\ServicePackFiles\i386\digreqex.msi
+ 2008-08-22 20:50 . 2004-08-04 12:00 863232 c:\windows\ServicePackFiles\i386\digopt.msi
+ 2004-07-15 16:23 . 2004-07-15 16:23 737280 c:\windows\Microsoft.NET\Framework\v1.1.4322\vbc.exe
+ 2004-07-15 19:31 . 2004-07-15 19:31 573440 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Services.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 819200 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.Mobile.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 126976 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.ServiceProcess.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Serialization.Formatters.Soap.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 323584 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Runtime.Remoting.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Messaging.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 372736 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Management.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 241664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.EnterpriseServices.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 466944 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Drawing.dll
+ 2004-07-15 19:31 . 2004-07-15 19:31 303104 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.OracleClient.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 319488 c:\windows\Microsoft.NET\Framework\v1.1.4322\SOS.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 122880 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusres.dll
+ 2003-02-21 00:09 . 2003-02-21 00:09 253952 c:\windows\Microsoft.NET\Framework\v1.1.4322\shfusion.dll
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_msvcr71.dll
+ 2004-07-15 05:25 . 2004-07-15 05:25 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_mscorjit.dll
+ 2004-07-15 05:24 . 2004-07-15 05:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_fusion.dll
+ 2004-07-15 06:49 . 2004-07-15 06:49 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_aspnet_isapi.dll
+ 2003-02-21 09:42 . 2003-02-21 09:42 348160 c:\windows\Microsoft.NET\Framework\v1.1.4322\msvcr71.dll
+ 2004-07-15 05:33 . 2004-07-15 05:33 143360 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorrc.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscormmc.dll
+ 2007-04-14 01:58 . 2007-04-14 01:58 102400 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorld.dll
+ 2007-04-14 01:56 . 2007-04-14 01:56 315392 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorjit.dll
+ 2004-07-15 05:32 . 2004-07-15 05:32 233472 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscordbi.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 299008 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.VisualBasic.dll
+ 2004-07-15 19:28 . 2004-07-15 19:28 720896 c:\windows\Microsoft.NET\Framework\v1.1.4322\Microsoft.JScript.dll
+ 2004-07-15 05:35 . 2004-07-15 05:35 196608 c:\windows\Microsoft.NET\Framework\v1.1.4322\ilasm.exe
+ 2004-07-15 05:24 . 2004-07-15 05:24 282624 c:\windows\Microsoft.NET\Framework\v1.1.4322\fusion.dll
+ 2003-02-21 00:16 . 2003-02-21 00:16 798720 c:\windows\Microsoft.NET\Framework\v1.1.4322\EventLogMessages.dll
+ 2003-02-21 15:21 . 2003-02-21 15:21 524288 c:\windows\Microsoft.NET\Framework\v1.1.4322\diasymreader.dll
+ 2004-07-15 16:23 . 2004-07-15 16:23 626688 c:\windows\Microsoft.NET\Framework\v1.1.4322\cscomp.dll
+ 2002-07-29 16:11 . 2002-07-29 16:11 219136 c:\windows\Microsoft.NET\Framework\v1.1.4322\c_g18030.dll
+ 2007-04-14 02:30 . 2007-04-14 02:30 258048 c:\windows\Microsoft.NET\Framework\v1.1.4322\aspnet_isapi.dll
+ 2003-02-21 10:04 . 2003-02-21 10:04 155648 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\Vsavb7rtUI.dll
+ 2003-02-21 08:02 . 2003-02-21 08:02 131072 c:\windows\Microsoft.NET\Framework\v1.1.4322\1033\vbc7ui.dll
+ 2003-02-20 23:43 . 2003-02-20 23:43 131072 c:\windows\Microsoft.NET\Framework\v1.0.3705\mscormmc.dll
+ 2009-02-15 14:09 . 2009-02-15 14:09 474624 c:\windows\Installer\f8e2fd5.msi
+ 2008-01-05 17:38 . 2008-01-05 17:38 282624 c:\windows\Installer\8491a92.msi
+ 2008-02-19 03:28 . 2008-02-19 03:28 366592 c:\windows\Installer\1dadbc95.msi
+ 2006-12-12 15:09 . 2006-12-12 15:09 264704 c:\windows\Installer\1a835.msi
+ 2007-12-22 04:41 . 2007-12-22 04:41 331264 c:\windows\Installer\18d541.msi
+ 2007-12-22 03:49 . 2007-12-22 03:49 391680 c:\windows\Installer\173f11.msi
+ 2008-08-25 02:59 . 2008-08-25 02:59 532992 c:\windows\Installer\10f61.msi
+ 2009-07-29 08:00 . 2009-05-13 05:15 915456 c:\windows\ie8updates\KB972260-IE8\wininet.dll
+ 2009-07-29 08:00 . 2009-05-26 11:40 382840 c:\windows\ie8updates\KB972260-IE8\spuninst\updspapi.dll
+ 2009-07-29 08:00 . 2009-05-26 11:40 231288 c:\windows\ie8updates\KB972260-IE8\spuninst\spuninst.exe
+ 2009-07-29 08:00 . 2009-03-08 09:34 109568 c:\windows\ie8updates\KB972260-IE8\occache.dll
+ 2009-07-29 08:00 . 2009-03-08 09:32 594432 c:\windows\ie8updates\KB972260-IE8\msfeeds.dll
+ 2009-07-29 08:00 . 2009-04-30 21:22 246272 c:\windows\ie8updates\KB972260-IE8\ieproxy.dll
+ 2009-07-29 08:00 . 2009-03-08 09:31 183808 c:\windows\ie8updates\KB972260-IE8\iepeers.dll
+ 2009-07-29 08:00 . 2009-04-30 21:22 385536 c:\windows\ie8updates\KB972260-IE8\iedkcs32.dll
+ 2009-07-29 08:00 . 2009-04-30 11:21 173056 c:\windows\ie8updates\KB972260-IE8\ie4uinit.exe
+ 2009-06-03 17:45 . 2007-11-30 12:39 382840 c:\windows\ie8updates\KB971180-IE8\spuninst\updspapi.dll
+ 2009-06-03 17:45 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB971180-IE8\spuninst\spuninst.exe
+ 2009-06-10 08:03 . 2009-03-08 09:34 914944 c:\windows\ie8updates\KB969897-IE8\wininet.dll
+ 2009-06-10 08:03 . 2008-07-09 07:38 382840 c:\windows\ie8updates\KB969897-IE8\spuninst\updspapi.dll
+ 2009-06-10 08:03 . 2007-11-30 12:39 231288 c:\windows\ie8updates\KB969897-IE8\spuninst\spuninst.exe
+ 2009-06-10 08:03 . 2009-03-08 09:33 246784 c:\windows\ie8updates\KB969897-IE8\ieproxy.dll
+ 2009-06-10 08:03 . 2009-03-08 19:09 391536 c:\windows\ie8updates\KB969897-IE8\iedkcs32.dll
+ 2009-06-10 08:03 . 2009-03-08 09:32 173056 c:\windows\ie8updates\KB969897-IE8\ie4uinit.exe
+ 2009-06-07 08:02 . 2009-06-07 08:02 835584 c:\windows\assembly\NativeImages1_v1.1.4322\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a_f2ab8961\System.Drawing.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 573440 c:\windows\assembly\GAC\System.Web.Services\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Services.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 819200 c:\windows\assembly\GAC\System.Web.Mobile\1.0.5000.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
+ 2009-06-06 01:53 . 2009-06-06 01:53 126976 c:\windows\assembly\GAC\System.ServiceProcess\1.0.5000.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 131072 c:\windows\assembly\GAC\System.Runtime.Serialization.Formatters.Soap\1.0.5000.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 323584 c:\windows\assembly\GAC\System.Runtime.Remoting\1.0.5000.0__b77a5c561934e089\System.Runtime.Remoting.dll
+ 2009-06-06 01:53 . 2009-06-06 01:53 241664 c:\windows\assembly\GAC\System.Messaging\1.0.5000.0__b03f5f7f11d50a3a\System.Messaging.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 372736 c:\windows\assembly\GAC\System.Management\1.0.5000.0__b03f5f7f11d50a3a\System.Management.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 241664 c:\windows\assembly\GAC\System.EnterpriseServices\1.0.5000.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 466944 c:\windows\assembly\GAC\System.Drawing\1.0.5000.0__b03f5f7f11d50a3a\System.Drawing.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 303104 c:\windows\assembly\GAC\System.Data.OracleClient\1.0.5000.0__b77a5c561934e089\System.Data.OracleClient.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 299008 c:\windows\assembly\GAC\Microsoft.VisualBasic\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
+ 2009-06-06 01:53 . 2009-06-06 01:53 720896 c:\windows\assembly\GAC\Microsoft.JScript\7.0.5000.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 382840 c:\windows\$NtUninstallKB973346$\spuninst\updspapi.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB973346$\spuninst\spuninst.exe
+ 2009-07-16 08:01 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB971633$\spuninst\updspapi.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB971633$\spuninst\spuninst.exe
+ 2009-06-10 08:01 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB970238$\spuninst\updspapi.dll
+ 2009-06-10 08:01 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB970238$\spuninst\spuninst.exe
+ 2009-06-10 08:01 . 2008-04-14 00:12 584704 c:\windows\$NtUninstallKB970238$\rpcrt4.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 382840 c:\windows\$NtUninstallKB969898$\spuninst\updspapi.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 231288 c:\windows\$NtUninstallKB969898$\spuninst\spuninst.exe
+ 2009-06-10 08:01 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB968537$\spuninst\updspapi.dll
+ 2009-06-10 08:01 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB968537$\spuninst\spuninst.exe
+ 2009-06-10 08:03 . 2008-07-09 07:38 382840 c:\windows\$NtUninstallKB961501$\spuninst\updspapi.dll
+ 2009-06-10 08:03 . 2008-07-09 07:38 231288 c:\windows\$NtUninstallKB961501$\spuninst\spuninst.exe
+ 2009-06-10 08:03 . 2008-04-14 00:11 343040 c:\windows\$NtUninstallKB961501$\localspl.dll
+ 2009-07-16 08:00 . 2008-04-14 00:12 117760 c:\windows\$NtUninstallKB961371$\t2embed.dll
+ 2009-07-16 08:00 . 2009-05-26 11:40 382840 c:\windows\$NtUninstallKB961371$\spuninst\updspapi.dll
+ 2009-07-16 08:00 . 2008-07-08 13:02 231288 c:\windows\$NtUninstallKB961371$\spuninst\spuninst.exe
+ 2009-07-16 08:01 . 2008-07-08 13:02 382840 c:\windows\$hf_mig$\KB973346\update\updspapi.dll
+ 2009-07-16 08:01 . 2008-07-08 13:02 755576 c:\windows\$hf_mig$\KB973346\update\update.exe
+ 2009-07-16 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB973346\spuninst.exe
+ 2009-07-16 08:01 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB971633\update\updspapi.dll
+ 2009-07-16 08:01 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB971633\update\update.exe
+ 2009-07-16 08:01 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB971633\spuninst.exe
+ 2009-06-03 17:45 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB971180-IE8\update\updspapi.dll
+ 2009-06-03 17:45 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB971180-IE8\update\update.exe
+ 2009-06-03 17:45 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB971180-IE8\spuninst.exe
+ 2009-06-03 17:42 . 2009-05-12 05:11 102912 c:\windows\$hf_mig$\KB971180-IE8\SP3QFE\iecompat.dll
+ 2009-06-10 08:01 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB970238\update\updspapi.dll
+ 2009-06-10 08:01 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB970238\update\update.exe
+ 2009-06-10 08:01 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB970238\spuninst.exe
+ 2009-04-15 15:24 . 2009-04-15 15:24 585216 c:\windows\$hf_mig$\KB970238\SP3QFE\rpcrt4.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 382840 c:\windows\$hf_mig$\KB969898\update\updspapi.dll
+ 2009-06-10 08:02 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969898\update\update.exe
+ 2009-06-10 08:02 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969898\spuninst.exe
+ 2009-06-10 08:03 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB969897-IE8\update\updspapi.dll
+ 2009-06-10 08:03 . 2007-11-30 12:39 755576 c:\windows\$hf_mig$\KB969897-IE8\update\update.exe
+ 2009-06-10 08:03 . 2007-11-30 12:39 231288 c:\windows\$hf_mig$\KB969897-IE8\spuninst.exe
+ 2009-06-10 03:12 . 2009-05-13 05:10 915456 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\wininet.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 246272 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieproxy.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 385536 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iedkcs32.dll
+ 2009-06-10 03:12 . 2009-04-30 10:47 173056 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ie4uinit.exe
+ 2009-06-10 08:01 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB968537\update\updspapi.dll
+ 2009-06-10 08:01 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB968537\update\update.exe
+ 2009-06-10 08:01 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB968537\spuninst.exe
+ 2009-06-10 08:03 . 2008-07-09 07:38 382840 c:\windows\$hf_mig$\KB961501\update\updspapi.dll
+ 2009-06-10 08:03 . 2008-07-09 07:38 755576 c:\windows\$hf_mig$\KB961501\update\update.exe
+ 2009-06-10 08:03 . 2008-07-09 07:38 231288 c:\windows\$hf_mig$\KB961501\spuninst.exe
+ 2009-05-07 15:14 . 2009-05-07 15:14 346112 c:\windows\$hf_mig$\KB961501\SP3QFE\localspl.dll
+ 2009-07-16 08:00 . 2009-05-26 11:40 382840 c:\windows\$hf_mig$\KB961371\update\updspapi.dll
+ 2009-07-16 08:00 . 2009-05-26 11:40 755576 c:\windows\$hf_mig$\KB961371\update\update.exe
+ 2009-07-16 08:00 . 2008-07-08 13:02 231288 c:\windows\$hf_mig$\KB961371\spuninst.exe
+ 2009-06-16 14:43 . 2009-06-16 14:43 119808 c:\windows\$hf_mig$\KB961371\SP3QFE\t2embed.dll
+ 2004-08-04 12:00 . 2009-04-17 12:26 1847168 c:\windows\system32\win32k.sys
+ 2004-08-04 12:00 . 2004-08-04 12:00 1326080 c:\windows\system32\webfldrs.msi
+ 2009-06-03 17:42 . 2003-02-21 00:08 2482176 c:\windows\system32\URTTemp\mscorwks.dll
+ 2004-08-04 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\urlmon.dll
+ 2009-06-03 17:44 . 2005-09-20 16:43 2310144 c:\windows\system32\ReinstallBackups\0013\DriverFiles\iglicd32.dll
+ 2009-06-03 17:44 . 2005-09-20 16:35 1503232 c:\windows\system32\ReinstallBackups\0013\DriverFiles\igfxress.dll
+ 2009-06-03 17:44 . 2005-09-20 17:00 1302332 c:\windows\system32\ReinstallBackups\0013\DriverFiles\ialmnt5.sys
- 2004-08-04 12:00 . 2009-03-08 09:41 5937152 c:\windows\system32\mshtml.dll
+ 2004-08-04 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\mshtml.dll
+ 2009-02-03 02:15 . 2009-02-03 02:15 3771296 c:\windows\system32\Macromed\Flash\NPSWF32.dll
- 2005-09-20 16:43 . 2005-09-20 16:43 2310144 c:\windows\system32\iglicd32.dll
+ 2005-09-20 16:43 . 2005-09-20 14:43 2310144 c:\windows\system32\iglicd32.dll
+ 2007-08-14 00:34 . 2009-07-03 17:09 1985536 c:\windows\system32\iertutil.dll
- 2005-09-20 17:00 . 2005-09-20 17:00 1302332 c:\windows\system32\drivers\ialmnt5.sys
+ 2005-09-20 17:00 . 2005-09-20 15:00 1302332 c:\windows\system32\drivers\ialmnt5.sys
+ 2008-10-15 03:55 . 2009-04-17 12:26 1847168 c:\windows\system32\dllcache\win32k.sys
+ 2004-08-04 12:00 . 2009-07-03 17:09 1208832 c:\windows\system32\dllcache\urlmon.dll
+ 2008-05-07 05:12 . 2009-06-03 19:09 1291264 c:\windows\system32\dllcache\quartz.dll
+ 2006-12-12 14:59 . 2009-06-10 14:19 2066432 c:\windows\system32\dllcache\mstscax.dll
- 2004-08-04 12:00 . 2009-03-08 09:41 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2004-08-04 12:00 . 2009-07-19 13:18 5937152 c:\windows\system32\dllcache\mshtml.dll
+ 2008-02-25 06:14 . 2009-07-03 17:09 1985536 c:\windows\system32\dllcache\iertutil.dll
+ 2008-08-22 20:55 . 2004-08-04 12:00 1326080 c:\windows\ServicePackFiles\i386\webfldrs.msi
+ 2008-08-22 20:53 . 2004-08-04 12:00 5080576 c:\windows\ServicePackFiles\i386\msnmsgs.msi
+ 2004-07-15 13:15 . 2004-07-15 13:15 1032192 c:\windows\Microsoft.NET\Framework\v1.1.4322\VsaVb7rt.dll
+ 2007-05-25 17:08 . 2007-05-25 17:08 9609728 c:\windows\Microsoft.NET\Framework\v1.1.4322\Updates\M928366\M928366Uninstall.msp
+ 2004-07-15 19:29 . 2004-07-15 19:29 1339392 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.XML.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 2052096 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Windows.Forms.dll
+ 2007-04-14 02:35 . 2007-04-14 02:35 1265664 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Web.dll
+ 2007-04-14 02:35 . 2007-04-14 02:35 1232896 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 1703936 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Design.dll
+ 2004-07-15 19:32 . 2004-07-15 19:32 1294336 c:\windows\Microsoft.NET\Framework\v1.1.4322\System.Data.dll
+ 2004-07-15 05:28 . 2004-07-15 05:28 2502656 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_mscorwks.dll
+ 2004-07-15 05:26 . 2004-07-15 05:26 2510848 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_mscorsvr.dll
+ 2004-07-15 19:29 . 2004-07-15 19:29 2138112 c:\windows\Microsoft.NET\Framework\v1.1.4322\SHADOW2636\_mscorlib.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 2514944 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorwks.dll
+ 2007-04-14 01:57 . 2007-04-14 01:57 2523136 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorsvr.dll
+ 2007-04-14 01:50 . 2007-04-14 01:50 2142208 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorlib.dll
+ 2003-02-21 12:25 . 2003-02-21 12:25 1564672 c:\windows\Microsoft.NET\Framework\v1.1.4322\mscorcfg.dll
+ 2009-03-26 03:11 . 2009-03-26 03:11 3104768 c:\windows\Installer\7e58d2.msi
+ 2009-03-26 03:08 . 2009-03-26 03:08 2708480 c:\windows\Installer\7e58cd.msi
+ 2009-06-03 17:43 . 2009-06-03 17:43 3443712 c:\windows\Installer\42fe970.msi
+ 2008-02-14 02:00 . 2008-02-14 02:00 3620864 c:\windows\Installer\39da650.msi
+ 2008-10-18 22:24 . 2008-10-18 22:24 2788864 c:\windows\Installer\36d45.msi
+ 2006-12-12 15:21 . 2006-12-12 15:21 1212928 c:\windows\Installer\2dea3.msi
+ 2007-12-22 04:52 . 2007-12-22 04:52 2332672 c:\windows\Installer\18d576.msi
+ 2008-03-19 09:31 . 2008-03-19 09:31 3279872 c:\windows\Installer\1084692d.msi
+ 2008-03-19 09:30 . 2008-03-19 09:30 1635328 c:\windows\Installer\10846928.msi
+ 2008-03-19 09:29 . 2008-03-19 09:29 8984576 c:\windows\Installer\10846923.msi
+ 2008-03-19 09:28 . 2008-03-19 09:28 1539072 c:\windows\Installer\1084691e.msi
+ 2008-03-19 09:28 . 2008-03-19 09:28 2793984 c:\windows\Installer\10846919.msi
+ 2009-07-29 08:00 . 2009-04-30 21:22 1207808 c:\windows\ie8updates\KB972260-IE8\urlmon.dll
+ 2009-07-29 08:00 . 2009-05-13 05:15 5936128 c:\windows\ie8updates\KB972260-IE8\mshtml.dll
+ 2009-07-29 08:00 . 2009-04-30 21:22 1985024 c:\windows\ie8updates\KB972260-IE8\iertutil.dll
+ 2009-06-10 08:03 . 2009-03-08 09:34 1206784 c:\windows\ie8updates\KB969897-IE8\urlmon.dll
+ 2009-06-10 08:03 . 2009-03-08 09:41 5937152 c:\windows\ie8updates\KB969897-IE8\mshtml.dll
+ 2009-06-10 08:03 . 2009-03-08 09:32 1985024 c:\windows\ie8updates\KB969897-IE8\iertutil.dll
+ 2009-06-07 08:01 . 2009-06-07 08:01 1966080 c:\windows\assembly\NativeImages1_v1.1.4322\System\1.0.5000.0__b77a5c561934e089_bd7d67ec\System.dll
+ 2009-06-07 08:02 . 2009-06-07 08:02 2088960 c:\windows\assembly\NativeImages1_v1.1.4322\System.Xml\1.0.5000.0__b77a5c561934e089_845103f4\System.Xml.dll
+ 2009-06-07 08:02 . 2009-06-07 08:02 3018752 c:\windows\assembly\NativeImages1_v1.1.4322\System.Windows.Forms\1.0.5000.0__b77a5c561934e089_f2c05540\System.Windows.Forms.dll
+ 2009-06-07 08:02 . 2009-06-07 08:02 1470464 c:\windows\assembly\NativeImages1_v1.1.4322\System.Design\1.0.5000.0__b03f5f7f11d50a3a_b70bcfa7\System.Design.dll
+ 2009-06-07 08:02 . 2009-06-07 08:02 3391488 c:\windows\assembly\NativeImages1_v1.1.4322\mscorlib\1.0.5000.0__b77a5c561934e089_944796e5\mscorlib.dll
+ 2009-06-07 08:01 . 2009-06-07 08:01 1232896 c:\windows\assembly\GAC\System\1.0.5000.0__b77a5c561934e089\System.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 1339392 c:\windows\assembly\GAC\System.Xml\1.0.5000.0__b77a5c561934e089\System.XML.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 2052096 c:\windows\assembly\GAC\System.Windows.Forms\1.0.5000.0__b77a5c561934e089\System.Windows.Forms.dll
+ 2009-06-07 08:01 . 2009-06-07 08:01 1265664 c:\windows\assembly\GAC\System.Web\1.0.5000.0__b03f5f7f11d50a3a\System.Web.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 1703936 c:\windows\assembly\GAC\System.Design\1.0.5000.0__b03f5f7f11d50a3a\System.Design.dll
+ 2009-06-06 01:52 . 2009-06-06 01:52 1294336 c:\windows\assembly\GAC\System.Data\1.0.5000.0__b77a5c561934e089\System.Data.dll
+ 2009-06-03 17:42 . 2009-06-03 17:42 1564672 c:\windows\assembly\GAC\mscorcfg\1.0.5000.0__b03f5f7f11d50a3a\mscorcfg.dll
+ 2009-07-16 08:01 . 2008-12-20 22:14 1288192 c:\windows\$NtUninstallKB971633$\quartz.dll
+ 2009-06-10 08:01 . 2009-02-09 11:13 1846784 c:\windows\$NtUninstallKB968537$\win32k.sys
+ 2009-06-03 19:12 . 2009-06-03 19:12 1291264 c:\windows\$hf_mig$\KB971633\SP3QFE\quartz.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 1207808 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\urlmon.dll
+ 2009-06-10 03:12 . 2009-05-13 05:10 5936128 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\mshtml.dll
+ 2009-06-10 03:12 . 2009-04-30 21:22 1985024 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\iertutil.dll
+ 2009-04-17 10:50 . 2009-04-17 10:50 1847808 c:\windows\$hf_mig$\KB968537\SP3QFE\win32k.sys
+ 2004-08-04 12:00 . 2009-07-14 04:43 10841088 c:\windows\system32\wmp.dll
+ 2008-02-24 10:14 . 2009-07-30 00:49 24281536 c:\windows\system32\MRT.exe
+ 2007-08-14 00:54 . 2009-07-19 23:48 11067392 c:\windows\system32\ieframe.dll
+ 2004-08-04 12:00 . 2009-07-14 04:43 10841088 c:\windows\system32\dllcache\wmp.dll
+ 2008-02-25 06:14 . 2009-07-19 23:48 11067392 c:\windows\system32\dllcache\ieframe.dll
+ 2009-06-06 01:51 . 2009-06-06 01:51 19210240 c:\windows\Installer\9784db.msp
+ 2009-06-07 08:00 . 2009-06-07 08:00 15256576 c:\windows\Installer\675e982.msp
+ 2009-07-29 08:00 . 2009-04-30 21:22 11064832 c:\windows\ie8updates\KB972260-IE8\ieframe.dll
+ 2009-06-10 08:03 . 2009-03-08 09:39 11063808 c:\windows\ie8updates\KB969897-IE8\ieframe.dll
+ 2009-05-01 20:22 . 2009-05-01 20:22 11064832 c:\windows\$hf_mig$\KB969897-IE8\SP3QFE\ieframe.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OE"="c:\program files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe" [2008-10-18 497008]
"Advanced SystemCare 3"="c:\program files\IObit\Advanced SystemCare 3\AWC.exe" [2009-06-30 2329224]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Smapp"="c:\program files\Analog Devices\SoundMAX\SMTray.exe" [2003-05-05 143360]
"DrvLsnr"="c:\program files\Analog Devices\SoundMAX\DrvLsnr.exe" [2003-05-08 69632]
"EPSON Stylus Photo RX500"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE" [2003-06-01 99840]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 132496]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-12 39792]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-02-19 185896]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2008-02-01 385024]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-02-19 267048]
"UfSeAgnt.exe"="c:\program files\Trend Micro\Internet Security\UfSeAgnt.exe" [2009-04-01 995528]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-09-20 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-09-20 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-09-20 114688]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-12-19 76304]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2009-3-25 809488]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2009-02-19 05:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=

R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [3/25/2009 10:11 PM 10384]
R2 tmevtmgr;tmevtmgr;c:\windows\system32\drivers\tmevtmgr.sys [10/18/2008 5:25 PM 50192]
R2 TmPfw;Trend Micro Personal Firewall;c:\program files\Trend Micro\Internet Security\TmPfw.exe [10/18/2008 5:26 PM 497008]
R2 tmpreflt;tmpreflt;c:\windows\system32\drivers\tmpreflt.sys [10/18/2008 5:22 PM 36368]
R2 TmProxy;Trend Micro Proxy Service;c:\program files\Trend Micro\Internet Security\TmProxy.exe [10/18/2008 5:26 PM 677128]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\drivers\TM_CFW.sys [10/18/2008 5:22 PM 335376]
S3 getPlus(R) Helper;getPlus(R) Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [7/30/2009 8:16 AM 66056]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\cqd3krut.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-19 20:24
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3731511546-688822957-40144805-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,c4,5a,e7,25,ba,6f,42,a4,66,a0,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,38,c4,5a,e7,25,ba,6f,42,a4,66,a0,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1280)
c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll
c:\program files\common files\logishrd\bluetooth\LBTServ.dll
.
Completion time: 2009-08-20 20:27
ComboFix-quarantined-files.txt 2009-08-20 01:27
ComboFix2.txt 2009-06-03 15:35

Pre-Run: 31,238,021,120 bytes free
Post-Run: 31,364,599,808 bytes free

746 --- E O F --- 2009-08-15 08:00


Hijackthis:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:32:25 PM, on 8/19/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 6327 bytes

Thanks again for the assistance! Let me know what's next...

[muppy03]

Update Java Runtime

You are using an old version of Java. Sun's Java is sometimes updated in order to eliminate the exploitation of vulnerabilities in an existing version. For this reason, it's extremely important that you keep the program up to date, and also remove the older more vulnerable versions from your system. The most current version of Sun Java is: Java Runtime Environment Version 6 Update 16.

• Go to Java Site
• Click to Download Java SE Runtime Environment (JRE) 6 Update 16
• In Platform box choose Windows.
• Check the box to Accept License Agreement and click Continue.
• Click on Windows Offline Installation, click on the link under it which says "jre-6u16-windows-i586.exe" and save the downloaded file to your desktop.
• Go to Start => Control Panel => Add or Remove Programs
• Uninstall all old versions of Java (Java 3 Runtime Environment, JRE or JSE)
• Install the new version by running the newly-downloaded file with the java icon which will be at your desktop, and follow the on-screen instructions.
• Reboot your computer

Update Adobe Reader
Recently there have been vunerabilities detected in older versions of Adobe Reader. It is strongly suggested that you update to the current version. Adobe Reader 9.
You can download it from http://www.adobe.com/products/acrobat/readstep2.html
After installing the latest Adobe Reader, uninstall all previous versions.
If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Kaspersky Online Scan
Do an online scan with >Kaspersky Online Scanner<

• Read through the requirements and privacy statement and click on Accept button
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run
• When the downloads have finished, click on Settings
• Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
  Spyware, Adware, Dialers, and other potentially dangerous programs
  Archives
  Mail databases
• Click on My Computer under Scan
• Once the scan is complete, it will display the results. Click on View Scan Report
• You will see a list of infected items there. Click on Save Report As...
• Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button
• Please post this log in your next reply

Please reply with:-

• kaspersky report
• New HJT log
  

[catalia]

Kaspersky log:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Friday, August 21, 2009
Operating system: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, August 22, 2009 04:21:40
Records in database: 2674329
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\

Scan statistics:
Objects scanned: 42350
Threats found: 3
Infected objects found: 33
Suspicious objects found: 0
Scan duration: 00:56:54


File name / Threat / Threats count
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruicqisbskfcn.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruidnneebrn.sys Infected: Rootkit.Win32.Agent.mdu 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruidqgbdalvpu.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiepvkwfcqdv.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruigngdmyercc.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruigpxtcygkdk.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihaolwoojmn.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihcrsuchgxs.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihehaehmi.dll Infected: Rootkit.Win32.Agent.mdt 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihwooydiokl.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruilhmhipfwbf.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruilhptqfeica.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruilnauigltfo.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruimgctalvyxy.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruimidyqytljw.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruimltnbbtrad.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruionmvragtal.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiotjhmmeklp.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruipakpqcycab.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiqntotlcayh.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruirwfkhlglul.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruishacohbrct.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruisvtwxerksa.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruitpipgqjama.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiultibocnoh.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiuulwslhn.dll Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruivbhhsbffay.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruivfaxmijcci.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruivppdpjkmad.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiwabxjdtlxa.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiyajqckjopw.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiykjpeurfyn.tmp Infected: Trojan.Win32.Monder.cqbi 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\hjgruidnneebrn.sys.vir Infected: Rootkit.Win32.Agent.mdu 1

Selected area has been scanned.


HJT log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:47:50 PM, on 8/21/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Java\jre6\bin\java.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7159 bytes

[muppy03]

That’s looking good, are you having any problems? How is everything running?

Empty this folder:

C:\Program Files\Trend Micro\Internet Security\Quarantine

Empty Recycle Bin.

[catalia]

The PC is running good.

Re: Empty this folder:

C:\Program Files\Trend Micro\Internet Security\Quarantine

I was not able to delete everything in the folder. A handful of files deleted when I used Windows Explorer, but in order to get most of the rest of it deleted I had to go way back in my memory and did a MS DOS del\*.* in the folder. Most of the files were deleted, but I still got a message in the CMD window that I could not delete the remaining two files.

The two files that remain are hjgruihehaehmi.dll and hjgruiuulwslhn.dll

When I access the quarantined files folder through Trend Micro, it does not show them, but they are still in the folder. I would really like to get rid of them.... Please advise. Thanks again for all your help!

[muppy03]

Download and Run OTM.exe

Download OTM.exe by Old Timer and save it to your Desktop.

• Double-click OTM.exe. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
• Copy the lines in the codebox below.

Code: Select all

:Files
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihehaehmi.dll
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiuulwslhn.dll

:Commands
[EmptyTemp]
[Start Explorer]
[Reboot]

• Return to OTM.exe, right click in the Paste Instructions for Items to be Moved window (under the yellow bar) and choose Paste.
• Click the red Moveit! button.
• Copy everything in the Results window (under the green bar), and paste it in your next reply.
• Close OTM.exe

Please reply with:-

• OTM log
• New HJT log
  

[catalia]

I think that got them! Log files are below:

OTM:

All processes killed
========== FILES ==========
LoadLibrary failed for C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihehaehmi.dll
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihehaehmi.dll NOT unregistered.
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruihehaehmi.dll moved successfully.
LoadLibrary failed for C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiuulwslhn.dll
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiuulwslhn.dll NOT unregistered.
C:\Program Files\Trend Micro\Internet Security\Quarantine\hjgruiuulwslhn.dll moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 77341487 bytes
->Temporary Internet Files folder emptied: 10189879 bytes
->Java cache emptied: 13559792 bytes
->FireFox cache emptied: 33246811 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2162283 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
Windows Temp folder emptied: 483 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 130.24 mb


OTM by OldTimer - Version 3.0.0.6 log created on 08232009_211334

Files moved on Reboot...

Registry entries deleted on Reboot...

HJT Log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:19:18 PM, on 8/23/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Trend Micro\BM\TMBMSRV.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
C:\Program Files\Trend Micro\Internet Security\TmProxy.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\notepad.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe
C:\WINDOWS\system32\igfxtray.exe
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe
C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe
O4 - HKLM\..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe
O4 - HKLM\..\Run: [EPSON Stylus Photo RX500] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2K1.EXE /P24 "EPSON Stylus Photo RX500" /O6 "USB001" /M "Stylus Photo RX500"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [UfSeAgnt.exe] "C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe"
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [igfxtray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [igfxhkcmd] C:\WINDOWS\system32\hkcmd.exe
O4 - HKLM\..\Run: [igfxpers] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKCU\..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe
O4 - HKCU\..\Run: [Advanced SystemCare 3] "C:\Program Files\IObit\Advanced SystemCare 3\AWC.exe" /startup
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} (get_atlcom Class) - http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: getPlus(R) Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: Trend Micro Central Control Component (SfCtlCom) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe
O23 - Service: SoundMAX Agent Service (SoundMAX Agent Service (default)) - Analog Devices, Inc. - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
O23 - Service: Trend Micro Unauthorized Change Prevention Service (TMBMServer) - Trend Micro Inc. - C:\Program Files\Trend Micro\BM\TMBMSRV.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (TmProxy) - Trend Micro Inc. - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe

--
End of file - 7197 bytes